Hi,
I'm encountering this error when i run btool check:
Invalid key in stanza [email] in /opt/splunk/etc/apps/search/local/alert_actions.conf, line 2: show_password (value: True).
and inside the alert_actions.conf:
[email]
show_password = True
Could i just delete or rename the file ? and what is this stanza for ?
Cause i can't see it in the documentation https://docs.splunk.com/Documentation/Splunk/8.2.6/Admin/Alertactionsconf
Hi,
if the key is not present in the spec for alert_actions.conf, you are safe to remove it.
Splunk Windows 8.2.10 (upgraded from 8.2.6) -
Who/What would put that in alert_actions.conf?
[email]
show_password = True
Should I:
a. delete the alert_actions.conf file (nothing else is in the file) ?
b. Change it to False?
c. delete the file contents, but leave the empty file there?
Hi,
if the key is not present in the spec for alert_actions.conf, you are safe to remove it.
This solution did not work for me
I found that deleting the alert_actions.conf file under $SPLUNK_HOME/etc/app/search/local did not work, as the next time a send email alert is sent, Splunk just recreates the file with the unspec'd email.show_password = True entry.
I also found that this alert_actions file is also causing the "Send email" envelope icon (Settings > Alert Actions) to not render correctly in the UI.
I'm going to open a low level bug with Splunk about this, but in the meantime this is the workaround I've implemented:
1. Alert actions "Send email" icon
cp $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/img/mod_alert_icon_email.png $SPLUNK_HOME/etc/apps/search/appserver/static/
Note: our SHC is behind a load balancer so I also needed to increment the Bump version due to Splunk Web caching (http://<host>:<mport>/<locale_string>/_bump). Clearing your browser cache may also work (https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/assetcaching/)
2. Invalid entry when btool check run (optional)
* For Linux (modify commands as needed for Windows)
a) cd $SPLUNK_HOME/etc/apps/search/
b) mkdir README
c) cat <<EOF >README/alert_actions.conf.spec
show_password = <boolean>
* workaround, as parameter not defined in default alert_actions.conf.spec file
* this entry simply stops btool check complaining of invalid entry
EOF
d) Validate: ~/bin/splunk btool check
Note: I reproduced this on Splunk Enterprise v8.0.5 (it may occur in earlier version too), but looks to be fixed in latest v8.2.6. However, you may need to manually delete the $SPLUNK_HOME/etc/apps/search/local/alert_actions.conf file (or the show_password entry) if upgrading Splunk to latest from an earlier version (and splunk _internal call /services/admin/alert_actions/_reload + bump Splunk web) that had the issue already.
After creating the /opt/splunk/etc/apps/search/README directory, I ran "cat > alert_actions.conf.spec" within the README directory.
Hi yeahnah
Thanks for your analyses, we encounter the same problem still in 8.2.6 Did you open a support ticket? Which I could reference?
Hi @cyrmue
No sorry, I thought it was fixed in v8.2.6 so never raised it with Splunk.
I just had a look at my pre-prod v8.2.6 env and can see the issue has reappeared again there. At least I think I fixed it there but it's been a while now and I'd have to go back over what I did to reconfirm things.
Anyway, no Splunk support ticket was opened by me for this so please go ahead and raise it with them. Please update here if you open one too.
Hi
The problem is the python_upgrade_readiness_app App. If you upgrade it or disable it, the problem should disappear. But the buggy version is still shipped with the binary installation...
In Splunk 9.0 the python_upgrade_readiness_app should be shipped in Version 4.0 (in 8.2.6 it was 1.0).