Why am I getting an error when creating Apps with ...

jtlittle · ‎03-07-2018

this alert action gave me an error when testing the python.

2018-03-07 18:34:42,033 ERROR pid=24690 tid=MainThread file=cim_actions.py:message:271 | sendmodaction - signature="Error: 'module' object has no attribute 'process_event'. Please double check spelling and also verify that a compatible version of Splunk_SA_CIM is installed." action_name="test_alert" search_name="test_arf" sid="1520447680.116" rid="0" app="TA-fancydudeapp" user="admin" action_mode="adhoc" action_status="failure"

jtlittle · ‎03-07-2018

I found this in the error logs. I am trying to just create alert actions to add .json alerts to each event I alert on.

So its a python script which uses slack webhook to send the alert to with the crafted .json message.

The `os` module/method can be used to execute filesystem commands.

I would have an alert

1) alert action - slack alert with $ results.

Why am I getting an error when creating Apps with App builder when testing Python?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Why am I getting an error when creating Apps with App builder when testing Python?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem