Splunk Enterprise Security

Example of "adaptive response action" execute error

hellosplunkit
Loves-to-Learn

Hi Splunkers,
I followed the example of "adaptive response action" on this website: https://dev.splunk.com/view/enterprise-security/SP-CAAAFBH
Everything I did was the same as this document described. When I entered the following in the Splunk search box:

| makeresults | eval user="example@example.com"| sendalert haveibeenpwned param.parameter_field=user

it displayed an error like:
Error in 'sendalert' command: Alert script returned error code 1.

There was no debugging log here (I did not know where to check the log).
I have checked the code and config files very carefully. Has anyone encountered the above situation?
If you have followed this example successfully, can you provide your app?
I need your help, thanks.

0 Karma

sduff_splunk
Splunk Employee

Check the search.log for the query you perform. This is under the Job > Inspect Job sub-menu near the time-picker.

Towards the end of the file, there should be a section for ERRORs thrown by the ScriptRunner component. Depending on if your script is written to send its errors to stderr (most are), you will see the error messages for the script.

0 Karma
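
A small triage helper for the check described in the answer above, as an added example that is not part of the original thread or of Splunk's code. It assumes search.log lines follow the layout "date time LEVEL Component - message"; the function name `script_errors`, the sample lines, and every component name other than ScriptRunner are constructed for illustration.

```python
import re
import sys

# Assumed search.log layout: "<date> <time> <LEVEL> <Component> - <message>".
# An optional bracketed tag between level and component is tolerated.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<level>[A-Z]+)\s+"
    r"(?:\[[^\]]*\]\s+)?"
    r"(?P<component>\S+)\s+-\s+(?P<message>.*)$"
)

# Constructed sample input, not copied from a real search job.
SAMPLE_SEARCH_LOG = """\
01-01-2022 10:00:00.100 INFO  ExampleComponent - search started
01-01-2022 10:00:00.900 ERROR ScriptRunner - Traceback (most recent call last):
  File "example_action.py", line 10, in <module>
01-01-2022 10:00:00.901 ERROR ScriptRunner - ImportError: No module named example_module
01-01-2022 10:00:00.950 ERROR ExampleComponent - Alert script returned error code 1.
"""


def script_errors(log_text, component="ScriptRunner", level="ERROR"):
    """Return (timestamp, message) for each matching entry, in file order."""
    hits = []
    in_hit = False  # True while the most recent timestamped line was a match
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            # No timestamp: treat as a continuation (e.g. a traceback frame)
            # and keep it with the matching entry it follows.
            if in_hit and line.strip():
                ts, msg = hits[-1]
                hits[-1] = (ts, msg + "\n" + line.rstrip())
            continue
        in_hit = m["level"] == level and m["component"] == component
        if in_hit:
            hits.append((m["ts"], m["message"]))
    return hits


if __name__ == "__main__":
    # Pass the path of a saved search.log, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SEARCH_LOG
    for ts, msg in script_errors(text):
        print(ts, msg, sep="  ")
```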