Hi All,

I am creating an alert in an app which I have made using the add-on builder, my app name starts with SA-. As part of the alert I would like to use the log event trigger action. For some reason when I am in the context of my app I am unable to see this trigger action option. In the context of other apps such as search and other Splunk apps downloaded from splunk base I am able to see the log event trigger action.

under settings>alert actions I have confirmed the log event alert action has been shared globally.
Confirmed default.metadata in the alert_logevent app:

[alert_actions]
export = system

Confirmed my app is also shared globally.

I've made the alert_logevent app visible which did not work.

Tried renaming the app to remove the SA-

If I go to settings>searches,report and alerts>new alert. Then create the alert from the context of my app, I am now able to see the alert action but when it runs I get the following error

ERROR SearchScheduler - Error in 'sendalert' command: Alert action "logevent" not found., search='sendalert logevent results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__nobody_U0EtZGFya21hdHRlci10aHJlYXQtZGV0ZWN0aW9u__6005_at_1565846400_1262_27223330-DB35-4A3A-8767-873F2404D37B/per_result_alert/tmp_5.csv.gz" results_link="https://splunkserver:8000/app/app_name/app_name?q=|loadjob scheduler__nobody_U0EtZGFya21hdHRlci10aHJlYXQtZGV0ZWN0aW9u__6005_at_1565846400_1262_27223330-DB35-4A3A-8767-873F2404D37B | head 6 | tail 1&earliest=0&latest=now"'
08-15-2019 09:20:02.390 +0400 INFO sendmodalert - Invoking modular alert action=logevent for search="6005" 

I feel like it is a permission issue but not sure what else I can change.

Splunk Enterprise V7.0 and also on V7.1.3