I have created a custom app and I get this error in Splunk:

Error in 'sendalert' command: Alert action script for action "list_ip" not found.

I am using list_ip in both alert_actions.conf and commands.conf. The Python file is in /bin. What could be the reason for this error?

Here are the file contents:

commands.conf

[list_ip]
filename = list.py
command.arg.1 = $results.file$

alert_actions.conf

[list_ip]
label = List IP
description = This action will send IP addresses to a custom webhook
icon_path = icon.png
is_custom = 1
payload_format = json

list.py

#!/usr/bin/env python3
import csv
import json
import sys

import requests


def send_webhook(ip_list):
    """POST the collected IP addresses to the webhook as a JSON body."""
    url = "http://192.168.28.215:8080/list_ips"
    headers = {
        "Content-Type": "application/json; charset=utf-8"
    }
    data = {
        "ips": ip_list
    }
    response = requests.post(url, data=json.dumps(data), headers=headers)
    print(response.status_code)


def main():
    if len(sys.argv) > 1:
        results_file = sys.argv[1]  # retrieve the results file passed as argument
        ip_list = []
        # Collect the 'ip' column from every row of the results CSV
        with open(results_file, 'r') as file:
            reader = csv.DictReader(file)
            for row in reader:
                ip_list.append(row['ip'])
        send_webhook(ip_list)
    else:
        print("No arguments provided.")


if __name__ == "__main__":
    main()
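
An added example, not part of the original post: for a custom alert action, Splunk runs the script in the app's bin/ directory that is named after the alert_actions.conf stanza, unless `alert.execute.cmd` in that stanza names a different file, so a `[list_ip]` stanza paired with bin/list.py produces the "not found" error. The checker below applies that rule to an app directory. The helper names `find_missing_scripts` and `build_sample_app`, the sample app layout and the extension-agnostic match are assumptions of this sketch.

```python
"""Check that each custom alert action in a Splunk app has a script in bin/."""
import configparser
import tempfile
from pathlib import Path


def find_missing_scripts(app_dir):
    """Return {stanza: expected script} for custom actions with no script in bin/."""
    app = Path(app_dir)
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    # Read default/ then local/ so local settings override, as Splunk layers them.
    conf.read([app / "default" / "alert_actions.conf",
               app / "local" / "alert_actions.conf"])
    bin_dir = app / "bin"
    scripts = [p for p in bin_dir.iterdir() if p.is_file()] if bin_dir.is_dir() else []
    missing = {}
    for stanza in conf.sections():
        if conf.get(stanza, "is_custom", fallback="0").strip().lower() not in ("1", "true"):
            continue
        cmd = conf.get(stanza, "alert.execute.cmd", fallback="").strip()
        if cmd:
            # Explicit override: that exact file name must be present in bin/.
            expected, found = cmd, any(p.name == cmd for p in scripts)
        else:
            # Default: file stem equals the stanza name (any extension; an assumption).
            expected, found = stanza + ".*", any(p.stem == stanza for p in scripts)
        if not found:
            missing[stanza] = expected
    return missing


def build_sample_app(root, script_name, extra_conf=""):
    """Constructed sample app: the post's [list_ip] stanza plus one script in bin/."""
    app = Path(root)
    (app / "bin").mkdir(parents=True)
    (app / "default").mkdir()
    (app / "bin" / script_name).write_text("#!/usr/bin/env python3\n")
    (app / "default" / "alert_actions.conf").write_text(
        "[list_ip]\nlabel = List IP\nis_custom = 1\npayload_format = json\n" + extra_conf)
    return app


if __name__ == "__main__":
    cases = [("as_posted", "list.py", ""), ("renamed", "list_ip.py", ""),
             ("override", "list.py", "alert.execute.cmd = list.py\n")]
    with tempfile.TemporaryDirectory() as tmp:
        for name, script, extra in cases:
            app = build_sample_app(Path(tmp) / name, script, extra)
            print(name, "->", find_missing_scripts(app) or "ok")
```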