Splunk Enterprise Security

Example of "adaptive response action" execute error


Hi Splunkers,
I followed the example of "adaptive response action" in this website https://dev.splunk.com/view/enterprise-security/SP-CAAAFBH
All i did was the same as this document described,when i filled splunk search box like :

| makeresults | eval user="example@example.com"| sendalert haveibeenpwned param.parameter_field=user

it displayed error words liked :
Error in 'sendalert' command: Alert script returned error code 1.

there were no debugging log here(i didnot know where to check the log).
i had checked the code and config file very carefully.Had anyone encountered the above situation?
if you had followed this example successfully (Can you provide your app?).
i need you help ,tks.

0 Karma

Splunk Employee
Splunk Employee

Check the search.log for the query you perform. This is under the Job > Inspect Job sub-menu near the time-picker.

Towards the end of the file, there should be a section for ERRORs thrown by the ScriptRunner component. Depending on if your script is written to send its errors to stderr (most are), you will see the error messages for the script.

0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...