Splunk Search

Slack alert in Splunk 6.4 or 6.5.5

impurush
Contributor

Hello all,

I am getting the below error when I trigger alert from Slack alert app. I tried from Splunk 6.4 and 6.5.5 version also.

FATAL sendmodalert - action=slack STDERR - Unexpected error:

FATAL sendmodalert - action=slack STDERR - Alert action failed
INFO sendmodalert - action=slack - Alert action script completed in duration=127380 ms with exit code=6
WARN sendmodalert - action=slack - Alert action script returned error code=6

Tags (1)
0 Karma

impurush
Contributor

Hi,

below is my alert set up. I added to trigger mail also to verify the search is working perfectly or not, I am getting the alert mail. And I added incoming webhook configuration to my channel in the slack app. Also, I tried this webhook from my personal Splunk instance and it is working perfectly.
alt text

0 Karma

bjoernjensen
Contributor

Hey,

Looks like the sendalert script went into some error state: error code=6.

Might be that the way you want to add data lets the script run into a problem (e.g. NULL values, wrong token usage, ...). Can you show us how the alert is being defined?

All the best,
Björn

0 Karma

hijacob
Communicator

Hi,

did you use the slack notification alert? https://splunkbase.splunk.com/app/2878/ Maybe you this answer can solve your problem: https://answers.splunk.com/answers/351316/slack-notification-alert-how-can-i-get-the-message-1.html ?

Greetings,
Jacob

0 Karma

impurush
Contributor

Hi, I tried the same app and just sending the test message itself not working. Please see the attached screenshot in one my answer below.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...