What could be the reason custom app alert is not w...

geekf · ‎05-24-2023

I have created a custom app and I get this error in Splunk

 Error in 'sendalert' command: Alert action script for action "list_ip" not found.

I am using list_ip in both alert_actions.conf and commands.conf. The Python file is in /bin. What could be the reason for this error?

Here are the file contents

commands.conf

[list_ip]
filename = list.py
command.arg.1 = $results.file$

alert_actions.conf

[list_ip]
label = List IP
description = This action will send IP addresses to a custom webhook
icon_path = icon.png
is_custom = 1
payload_format = json

list.py

#!/usr/bin/env python3

import csv
import json
import requests
import sys

def send_webhook(ip_list):
    url = "http://192.168.28.215:8080/list_ips"
    headers = {
        "Content-Type": "application/json; charset=utf-8"
    }
    data = {
        "ips": ip_list
    }
    response = requests.post(url, data=json.dumps(data), headers=headers)
    print(response.status_code)

def main():
    if len(sys.argv) > 1:
        results_file = sys.argv[1]  # retrieve the results file passed as argument
        ip_list = []

        with open(results_file, 'r') as file:
            reader = csv.DictReader(file)
            for row in reader:
                ip_list.append(row['ip'])

        send_webhook(ip_list)
    else:
        print("No arguments provided.")

if __name__ == "__main__":
    main()

What could be the reason custom app alert is not working?

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

Are you a member of the Splunk Community?

What could be the reason custom app alert is not working?

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases