All Apps and Add-ons

Splunk Add-on for Amazon Web Services: Alert isn't published to SNS due to empty message content

splunk82
New Member

Hi,

I am using the Splunk Add-on and App for Amazon Web Services (AWS). I enabled one of the default alerts and added a AWS Simple Notification Service (SNS) alert for trigger actions. But i am not receiving SNS alerts.

When i check the logs, I see "SNSPublisherError: Alert isn't published to SNS due to empty message content"

Mandatory fields for SNS alerts are Account, Region, Topic Name, Message ($result.message$) and all of them are correct. Can someone point me in the right direction as to what i might be missing?

0 Karma

lim2
Path Finder

your SPL output|eval message= host." ".sourcetype ." ". _raw|awssnsalert account="Account_to_connect_AWS" region="us-east-1" topic_name="topic_name" publish_all=1

0 Karma