ahoang-splunk
commented
1 month ago Error code=1 indicates that there is an error message returned in the body payload. In $SPLUNK_HOME/etc/apps/slack/alerts/bin/slack.py the code is breaking on line 150 and returning the ERROR_CODE_UNKNOWN. If you are using an on prem slack environment you can manually edit slack.py and add a debugging line to print out the error, for example: log(res_body)
I would double check the Slack app setup, OAuth token, webhook, URL, etc and ensure that your Slack app has the necessary permissions.
Error message: Warn sendmodalert[]- action=slack - alert action script returned error code=1 ![Uploading IMG_6730.jpeg…]()