Hi,
We have just installed your app, but for some reason the alert that we have configured doesn't send anything if we configure the alert action Send results as XLS.
We just configured the fields: Recipient / Subject / Filename / Message Body
If we remove the alert action Send result as XLS and configure the standard email with csv, the same alert works perfectly.
In the internal index I can see an error event in JSON format ERROR sendmodalert - action=sendxlsresults_alert STDERR and also I can see the results of the search in this event.
Any idea about what could be the problem?
Thanks in advance
In the Readme.md in the app, there is a debug search command:
```
index=_internal sourcetype=splunkd sendmodalert action=sendxlsresults_alert STDERR | eval logmsg=substr(_raw,89)
| append [search index=_internal source="/opt/splunk/var/log/splunk/sendxlsresults.log" | eval logmsg=_raw]
| table _time,logmsg | reverse
```
Then just check the message in the results.
After I deleted the Chinese characters in the previous step, my error message shows me the following information:
It's obvious that I had an error connecting to the mail server, but I can send alerts via the Splunk email sender. Maybe I will spend a little time on it.
Hi, splunkers:
I found the Python traceback in the Splunk log via the search command:
```
index=_internal source!="*access.log" sendemail
```
```
2019-04-25 11:20:03,469 ERROR invocation_id=1556162403.44:31954 invocation_type="action" msg="some error occured - stack trace follows" Traceback (most recent call last):
  File "/opt/splunk/etc/apps/sendxlsresults/bin/sendxlsresults_alert.py", line 282, in <module>
    sendemail(recipient, sender, subject, bodyText, argvals, filename)
  File "/opt/splunk/etc/apps/sendxlsresults/bin/sendxlsresults_alert.py", line 152, in sendemail
    part1 = MIMEText(bodyText, 'plain')
  File "/opt/splunk/lib/python2.7/email/mime/text.py", line 30, in __init__
    self.set_payload(_text, _charset)
  File "/opt/splunk/lib/python2.7/email/message.py", line 226, in set_payload
    self.set_charset(charset)
  File "/opt/splunk/lib/python2.7/email/message.py", line 262, in set_charset
    self._payload = self._payload.encode(charset.output_charset)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 6-9: ordinal not in range(128)
```
The code in *sendxlsresults_alert.py* looks like this:
```python
# Excerpt from the app's script (Python 2 print syntax)
print >> sys.stderr, "Settings we received:"
print >> sys.stderr, settings

print >> sys.stderr, "Arguments we received:"
print >> sys.stderr, argvals
bodyText = getarg(settings, "body", "")
subject = getarg(settings, "subject", "")
```
Then I added the following 2 lines, just like this:
```python
print >> sys.stderr, "Settings we received:"
print >> sys.stderr, settings

print >> sys.stderr, "Arguments we received:"
print >> sys.stderr, argvals
bodyText = getarg(settings, "body", "")
print >> sys.stderr, "BodyText"  # added
print >> sys.stderr, bodyText    # added
subject = getarg(settings, "subject", "")
```
After this, I used the debug search command in the Readme.md of this app:
```
index=_internal sourcetype=splunkd sendmodalert action=sendxlsresults_alert STDERR | eval logmsg=substr(_raw,89)
| append [search index=_internal source="/opt/splunk/var/log/splunk/sendxlsresults.log" | eval logmsg=_raw]
| table _time,logmsg | reverse
```
I found that the bodyText is just the message I've set on the scheduled report page, which is "V2ray数量统计", and it contains Chinese characters at position 6-9 in the string.
I think maybe I need to transform the character encoding from ascii to utf-8 in some way.
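The traceback above fails inside `MIMEText(bodyText, 'plain')`, where Python 2.7's `MIMEText` defaults to the `us-ascii` charset. As an added example (not code from the app or its author), the sketch below builds the message with an explicit UTF-8 charset and an RFC 2047 encoded Subject, then parses it back to confirm nothing was lost; the function names and addresses are hypothetical, and it is written for Python 3.

```python
# Added example, not the app's code: all function names here are hypothetical.
import email
from email.header import Header, decode_header
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


def to_text(value, encoding="utf-8"):
    """Return a text string whether the alert setting arrives as bytes or text."""
    if isinstance(value, bytes):
        return value.decode(encoding)
    return value


def build_alert_message(sender, recipient, subject, body_text):
    """Build a message whose body and subject survive non-ASCII input."""
    msg = MIMEMultipart("mixed")
    msg["From"] = sender
    msg["To"] = recipient
    # RFC 2047 encoded-word, so the Subject header stays 7-bit clean.
    msg["Subject"] = Header(to_text(subject), "utf-8")
    # Explicit charset instead of the implicit ASCII encode that raised
    # UnicodeEncodeError in the traceback.
    msg.attach(MIMEText(to_text(body_text), "plain", "utf-8"))
    return msg


def roundtrip(msg):
    """Serialize, re-parse, and return (subject, body) as decoded text."""
    parsed = email.message_from_string(msg.as_string())
    raw, charset = decode_header(parsed["Subject"])[0]
    subject = raw.decode(charset) if isinstance(raw, bytes) else raw
    part = parsed.get_payload()[0]
    body = part.get_payload(decode=True).decode(part.get_content_charset())
    return subject, body


if __name__ == "__main__":
    # Constructed sample input: the report message quoted in the post.
    sample = build_alert_message("splunk@example.com", "ops@example.com",
                                 "V2ray数量统计", "V2ray数量统计")
    print(sample.as_string())
    print(roundtrip(sample))
```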
I receive the same error...