I am working through the Splunk Developers guide v 2 by Kyle Smith aka @alacercogitatus
https://answers.splunk.com/users/3659/alacercogitatus.html
I am having issues getting the custom alerting to work.
In particular the caa_file_write.py file is throwing the following errors in _internal:
06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR - File "/opt/sdg/splunk/lib/python2.7/json/decoder.py", line 382, in raw_decode
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR - File "/opt/sdg/splunk/lib/python2.7/json/decoder.py", line 364, in decode
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR - File "/opt/sdg/splunk/lib/python2.7/json/__init__.py", line 339, in loads
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
06-09-2016 19:23:21.635 -0400 ERROR sendmodalert - action=file_write STDERR - File "/opt/sdg/splunk/etc/apps/SDG/bin/caa_file_write.py", line 7, in
host = SPLK-ET source = /opt/sdg/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
The file in question is:
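import sys, json, urllib2

def write_file(settings):
    # Dump the received settings as JSON into 'myfile' (relative to the working directory)
    f = open('myfile','w')
    f.write("%s"%json.dumps(settings))
    f.close()

if __name__ == "__main__":
    # The alert payload is read from stdin and parsed as JSON
    caa_config = json.loads(sys.stdin.read())
    write_file(caa_config)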
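A defensive way to read the alert payload, as an added example that is not part of the original post or of the guide's code: instead of a traceback it writes a one-line reason to stderr, which sendmodalert logs as in the events above. It assumes splunkd starts the script with `--execute` and sends a JSON object with a `configuration` key on stdin; `load_payload` and `SAMPLE_PAYLOAD` are names made up here.

```python
import json
import sys

# Constructed sample of what the script is assumed to receive on stdin.
SAMPLE_PAYLOAD = '{"search_name": "demo", "configuration": {"note": "hello"}}'


def load_payload(argv, raw):
    """Return (payload, error); exactly one of the two is None."""
    # Assumption: the first argument is "--execute" when splunkd runs the action.
    if len(argv) < 2 or argv[1] != "--execute":
        return None, "expected --execute, got argv=%r" % (argv[1:],)
    if not raw.strip():
        return None, "stdin was empty, no payload to parse"
    try:
        payload = json.loads(raw)
    except ValueError as exc:  # JSON decode errors are ValueError subclasses
        # Log only the size and a short prefix, never the whole input.
        return None, "stdin is not JSON (%s); %d chars, starts with %r" % (
            exc, len(raw), raw[:40])
    if not isinstance(payload, dict):
        return None, "payload is %s, expected a JSON object" % type(payload).__name__
    return payload, None


def main(argv, stdin, stderr):
    payload, error = load_payload(argv, stdin.read())
    if error:
        stderr.write("ERROR %s\n" % error)  # ends up in splunkd.log via sendmodalert
        return 2
    # Persist only the action's own settings rather than the full payload.
    with open("myfile", "w") as f:
        f.write(json.dumps(payload.get("configuration", {})))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin, sys.stderr))
```

Running the script by hand with `--execute` and a JSON document piped to stdin exercises the same path that splunkd uses under these assumptions.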