All Apps and Add-ons

SNMP Splunk MA App for Netcool: Search Head Cluster Supported??,Is this add-on supported on a Search Head Cluster??

fahmed1
Engager

Is this add-on search head cluster supported?? I have this add-on deployed to both our prod (clustered) environment and our dev/qa (non-clustered) environment. The add-on seems to work perfectly fine on our non-clustered environment, however, it is throwing errors in our prod environment. The alert action configurations are identical across both environments.

FieldValidationException: The argument '_cam_workers' is not valid

0 Karma
1 Solution

pellegrini
Path Finder

I don't think this error is related to Search Head Clusters.
I saw this error on non-clustered Search Head where also the Common Information Model (CIM) version 4.12.0 is installed.
https://splunkbase.splunk.com/app/1621/

cat /opt/splunk/var/log/splunk/netcool_custom_modular_alert.log
2019-05-22 10:15:01,597 ERROR Execution failed: Traceback (most recent call last):
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 539, in execute
    cleaned_params = self.validate(payload['configuration'])
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 490, in validate
    raise FieldValidationException("The argument '%s' is not valid" % (name))
FieldValidationException: The argument '_cam' is not valid

2019-05-22 10:22:02,094 ERROR Execution failed: Traceback (most recent call last):
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 539, in execute
    cleaned_params = self.validate(payload['configuration'])
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 490, in validate
    raise FieldValidationException("The argument '%s' is not valid" % (name))
FieldValidationException: The argument '_cam_workers' is not valid

Run btool to see if CIM is causing the conflict with the NetCool app. If you see _cam config here, that might be the cause of the error. Or it might be another app with alert_actions config.

/opt/splunk/bin/splunk btool alert_actions list --debug

The config is locaded here:

-bash-4.2$ pwd
/opt/splunk/etc/apps/Splunk_SA_CIM/default
-bash-4.2$ cat alert_actions.conf

param._cam =
param._cam_workers =

Comment out these rows and restart Search Head and see if NetCool app works fine.
If it does, you should investigate what to do with that alert_actions config, if you need it.

View solution in original post

rrthokala
New Member

Looks like that seems to be the problem. That fixed it for me.

0 Karma

pellegrini
Path Finder

I don't think this error is related to Search Head Clusters.
I saw this error on non-clustered Search Head where also the Common Information Model (CIM) version 4.12.0 is installed.
https://splunkbase.splunk.com/app/1621/

cat /opt/splunk/var/log/splunk/netcool_custom_modular_alert.log
2019-05-22 10:15:01,597 ERROR Execution failed: Traceback (most recent call last):
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 539, in execute
    cleaned_params = self.validate(payload['configuration'])
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 490, in validate
    raise FieldValidationException("The argument '%s' is not valid" % (name))
FieldValidationException: The argument '_cam' is not valid

2019-05-22 10:22:02,094 ERROR Execution failed: Traceback (most recent call last):
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 539, in execute
    cleaned_params = self.validate(payload['configuration'])
  File "/opt/splunk/etc/apps/netcool_custom_modular_alert/bin/modular_alert.py", line 490, in validate
    raise FieldValidationException("The argument '%s' is not valid" % (name))
FieldValidationException: The argument '_cam_workers' is not valid

Run btool to see if CIM is causing the conflict with the NetCool app. If you see _cam config here, that might be the cause of the error. Or it might be another app with alert_actions config.

/opt/splunk/bin/splunk btool alert_actions list --debug

The config is locaded here:

-bash-4.2$ pwd
/opt/splunk/etc/apps/Splunk_SA_CIM/default
-bash-4.2$ cat alert_actions.conf

param._cam =
param._cam_workers =

Comment out these rows and restart Search Head and see if NetCool app works fine.
If it does, you should investigate what to do with that alert_actions config, if you need it.

kkrishnan_splun
Splunk Employee
Splunk Employee

Could you please tell me where you installed the add on ? Was it on heavy forwarders ? Also could you share a screenshot of the full error not releasing any sensitive data ?

0 Karma

pellegrini
Path Finder

The app is installed on a Search Head, Splunk Enterprise 7.1.2. It hasn't role heavy forwarder.
The full error messages are in the answer above where python script arguments are not valid, referring to arguments _cam and _cam_workers.

It can be helpful to print the modular_alert.py payload by adding this just before row 539, hence row 539 is throwing the error message.

     with open('/opt/splunk/temp/file.txt','w') as f: f.write(pprint.pformat(payload))
0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...