Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Slack alert in Splunk 6.4 or 6.5.5

impurush
Contributor
‎12-05-2018 07:34 PM

Hello all,

I am getting the below error when I trigger alert from Slack alert app. I tried from Splunk 6.4 and 6.5.5 version also.

FATAL sendmodalert - action=slack STDERR - Unexpected error:

FATAL sendmodalert - action=slack STDERR - Alert action failed
INFO sendmodalert - action=slack - Alert action script completed in duration=127380 ms with exit code=6
WARN sendmodalert - action=slack - Alert action script returned error code=6

Tags (1)
0 Karma
Reply

impurush
Contributor
‎12-06-2018 06:46 AM

Hi,

below is my alert set up. I added to trigger mail also to verify the search is working perfectly or not, I am getting the alert mail. And I added incoming webhook configuration to my channel in the slack app. Also, I tried this webhook from my personal Splunk instance and it is working perfectly.
alt text

Preview file
62 KB
0 Karma
Reply

bjoernjensen
Contributor
‎12-06-2018 04:18 AM

Hey,

Looks like the sendalert script went into some error state: error code=6.

Might be that the way you want to add data lets the script run into a problem (e.g. NULL values, wrong token usage, ...). Can you show us how the alert is being defined?

All the best,
Björn

0 Karma
Reply

hijacob
Communicator
‎12-06-2018 04:17 AM

Hi,

did you use the slack notification alert? https://splunkbase.splunk.com/app/2878/ Maybe you this answer can solve your problem: https://answers.splunk.com/answers/351316/slack-notification-alert-how-can-i-get-the-message-1.html ?

Greetings,
Jacob

0 Karma
Reply

impurush
Contributor
‎12-06-2018 06:48 AM

Hi, I tried the same app and just sending the test message itself not working. Please see the attached screenshot in one my answer below.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...