- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- MS Teams Alert Action - failures after upgrade fro...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MS Teams Alert Action - failures after upgrade from 1.0.11 to 1.0.18
Hi all,
I recently had our MS Teams Alert Action addon upgraded from 1.0.11 to 1.0.18, and have been seeing errors with older alerts due to a missing parameter, this one:
action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_order
What indicates this missing parameter failure is this error message in the MS Teams App → Logging Reports → MS Teams - modular action failures menu that contains this:
signature="Error: 'in <string>' requires string as left operand, not NoneType. Please double check spelling and also verify that a compatible version of Splunk_SA_CIM is installed." action_name="ms_teams_publish_to_channel"
The fix appears to be going in to the MS Teams action through the alert interface, and toggling the field ordering dropdown, this adds the missing parameter.
Is there a way to review all the existing alerts in my Splunk Cloud instance, and check for a missing parameter?
Thanks in advance,
Alex.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From March 3rd onward we kept receiving this message in every MS Teams alert that was sent: "Important: Your connector is running on old configuration. Navigate to connector configuration window to update to new configuration."
So finally I decided to update to version 1.0.19 and now zero messages are being sent. I see this in the log: "file=setup_util.py:log_info:117 | Customized key can not be found"...
Anyone an idea?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found an older work around, that apparently should fix this issue also 😀:
"Make sure you run the latest version (so redo the upgrade if you downgraded (downgrade did not fix it by the way))
Then for each alert that has the alert action, just go to:
Settings / Searches, reports and alerts / < the alert>
Then click on edit and just save it (without modifying anything), Splunk will add the missing parameters automatically.
This is due to a much earlier feature change which causes issues for older alerts that were created before the feature was introduced"
Hope this helps for others that made a recent upgrade from a somewhat older version that was still affected by this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I used this query to list all the scheduled searches (alerts) I had in Splunk using the MS Teams alert action:
| rest /services/saved/searches | search action.ms_teams_publish_to_channel=1 disabled=0
| table title author disabled action.ms_teams_publish_to_channel.param.alert_ms_teams_activity_title action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_list, action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_order
| sort disabled
| where isnull('action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_order')
Since I couldn't figure out a way to get the name of the scheduled search (for the REST query), I updated all alerts that were missing the parameter by hand, and set the ms_teams_fields_order parameter.
if there is an easier way, or if anyone knows how to get the name of the alert (for REST endpoints, not the alert title), please let me know.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
