From splunkd.log
Traceback (most recent call last):
04-29-2020 10:15:14.055 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - File "C:\Program Files\Splunk\etc\apps\sendresults\bin\sendresults_alert.py", line 206, in
04-29-2020 10:15:14.055 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - with gzip.open(payload.get('results_file'),'rt') as fin:
04-29-2020 10:15:14.055 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - File "C:\Program Files\Splunk\Python-2.7\lib\gzip.py", line 34, in open
04-29-2020 10:15:14.056 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - return GzipFile(filename, mode, compresslevel)
04-29-2020 10:15:14.057 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - File "C:\Program Files\Splunk\Python-2.7\lib\gzip.py", line 94, in __init__
04-29-2020 10:15:14.057 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - fileobj = self.myfileobj = __builtin__.open(filename, mode or 'rb')
04-29-2020 10:15:14.057 -0500 ERROR sendmodalert - action=sendresults_alert STDERR - ValueError: Invalid mode ('rtb')
04-29-2020 10:15:14.613 -0500 INFO sendmodalert - action=sendresults_alert - Alert action script completed in duration=1632 ms with exit code=1
04-29-2020 10:15:14.613 -0500 WARN sendmodalert - action=sendresults_alert - Alert action script returned error code=1
04-29-2020 10:15:14.613 -0500 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.
sendresults.log didn't have anything but this. Doesn't appear in the logs until after the upgrade and the errors occur
2020-05-04 11:40:43,437 INFO invocation_id=123456789.12:1234invocation_type="action" py_version=sys.version_info(major=2, minor=7, micro=17, releaselevel='final', serial=0)
Rolled back to 4.0.1, working again. Splunk is on 8.0.2.
↧