Splunk Dev

What could be the reason custom app alert is not working?

geekf
Path Finder

I have created a custom app and I get this error in Splunk 

 

 Error in 'sendalert' command: Alert action script for action "list_ip" not found.

 

 

I am using list_ip in both alert_actions.conf and commands.conf. The Python file is in /bin. What could be the reason for this error?

 

Here are the file contents

 

commands.conf

 

[list_ip]
filename = list.py
command.arg.1 = $results.file$

 

 

alert_actions.conf

 

[list_ip]
label = List IP
description = This action will send IP addresses to a custom webhook
icon_path = icon.png
is_custom = 1
payload_format = json

 

 

list.py

 

#!/usr/bin/env python3

import csv
import json
import requests
import sys

def send_webhook(ip_list):
    url = "http://192.168.28.215:8080/list_ips"
    headers = {
        "Content-Type": "application/json; charset=utf-8"
    }
    data = {
        "ips": ip_list
    }
    response = requests.post(url, data=json.dumps(data), headers=headers)
    print(response.status_code)

def main():
    if len(sys.argv) > 1:
        results_file = sys.argv[1]  # retrieve the results file passed as argument
        ip_list = []

        with open(results_file, 'r') as file:
            reader = csv.DictReader(file)
            for row in reader:
                ip_list.append(row['ip'])

        send_webhook(ip_list)
    else:
        print("No arguments provided.")

if __name__ == "__main__":
    main()

 

 

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...