Hi,
I am using the Splunk Add-on and App for Amazon Web Services (AWS). I enabled one of the default alerts and added a AWS Simple Notification Service (SNS) alert for trigger actions. But i am not receiving SNS alerts.
When i check the logs, I see "SNSPublisherError: Alert isn't published to SNS due to empty message content"
Mandatory fields for SNS alerts are Account, Region, Topic Name, Message ($result.message$) and all of them are correct. Can someone point me in the right direction as to what i might be missing?
your SPL output|eval message= host." ".sourcetype ." ". _raw|awssnsalert account="Account_to_connect_AWS" region="us-east-1" topic_name="topic_name" publish_all=1