What could be the reason custom app alert is not w...

geekf · ‎05-24-2023

I have created a custom app and I get this error in Splunk

 Error in 'sendalert' command: Alert action script for action "list_ip" not found.

I am using list_ip in both alert_actions.conf and commands.conf. The Python file is in /bin. What could be the reason for this error?

Here are the file contents

commands.conf

[list_ip]
filename = list.py
command.arg.1 = $results.file$

alert_actions.conf

[list_ip]
label = List IP
description = This action will send IP addresses to a custom webhook
icon_path = icon.png
is_custom = 1
payload_format = json

list.py

#!/usr/bin/env python3

import csv
import json
import requests
import sys

def send_webhook(ip_list):
    url = "http://192.168.28.215:8080/list_ips"
    headers = {
        "Content-Type": "application/json; charset=utf-8"
    }
    data = {
        "ips": ip_list
    }
    response = requests.post(url, data=json.dumps(data), headers=headers)
    print(response.status_code)

def main():
    if len(sys.argv) > 1:
        results_file = sys.argv[1]  # retrieve the results file passed as argument
        ip_list = []

        with open(results_file, 'r') as file:
            reader = csv.DictReader(file)
            for row in reader:
                ip_list.append(row['ip'])

        send_webhook(ip_list)
    else:
        print("No arguments provided.")

if __name__ == "__main__":
    main()

What could be the reason custom app alert is not working?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation