sentinl: Problem posting big messages to slack with webhook

  1. Sentinl and Kibana version - 5.6.6

  2. I have a problem with posting big messages using webhook to slack.

  3. Setup action to alert with webhook and try it with big messages.

  4. Expected - i see message in chat. Actual - no message.

  5. Sample of data - Error ocured while retire events System.AppfkjgjhnEjhkon: ERROR_RERTTYE ---> System.ERthtrateRTHhrthption: One or more errors occurred. ---> System.ERthtrateRTHhrthption: EWEFOR_ERGTYTH_TIWEFOUT at Boerl.ERGg.Eefwefwef.Wefwefwffweft.<CrwfefWEfwefc>d__24.LefOn() in C:\w495t3945t34t5\7c43ddea66dd549e\34t5345t\34t5453t\34t534t5\345t435t45\ErtgrtRttytbrtb.gt:line 103 --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task1.GetResultCore(Boolean waitCompletionNotification) at System.Threading.Tasks.Task1.get_Result() at Bweerg.Betwergffice.Hawerat.Habiwerost.werdRewerest(weryte[] dwerta, Strwerg enwerintName) in C:\werg\Tgewrty\wet5\wwerk\7c43ddewerd549e\werces\Infrwercture\Bewerabwrtat\HabitatHost.cs:line 186 at Rgerger.BGgreg.Rgerg.Igerrnals.RergoteServergcesMergager.SergdReruest[Teresp](Sering enderintere, Sterng serviceerme, Serng meterodNerme, Oerect[] arers) in C:\w495t3945t34t5\7c43ddea66dd549e\34t5345t\34t5453t\34t534t5\345t435t45\ErtgrtRttytbrtb.gt:line d9 --- End of inner exception stack trace --- at Berg.Berice.Heritat.Inerals.ReroteServereserager.erndReerest[Teresp](Sering enderpointNaerme, Serring seericeNaere, erng methodergme, Oerct[] arers) in C:\w495t3945t34t5\7c43ddea66dd549e\34t5345t\34t5453t\34t534t5\345t435t45\ErtgrtRttytbrtb.gt:line 143 at Beergab.Kerrgqerel.Contqweft.Eveqwefs.qwef2.IKeqwefelqweentqweferviceV2__Pqwexy.GqweftEqwesBySqweqwpe(Keqwelqwrceqwepe sourceqweype) at Bqwe.OdqweFeeds.Bqwedar.Aqwepter.Evqwents.Evqweqweandlewrbqweqwick(Obqweect qweate) in C:\w495t3945t34t5\7c43ddea66dd549e\34t5345t\34t5453t\34t534t5\345t435t45\ErtgrtRttytbrtb.gt:line wert51 --

  6. I’ve tried to post such messages with curl or your slack action - no problem. If I will use smaller messages - it works. My action body - { "text" : "Warning!TEST!\n {{#payload.hits.hits}}{{{_source.information}}}{{/payload.hits.hits}}", "attachments": [{ "color": "warning", "title": "Details:", "text": "TEST" }], "channel" : "#test", "username" : "lol", "icon_emoji" : ":computer:" }

http://take.ms/3LoxM

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 30

Most upvoted comments

"script": { "script": "payload = JSON.parse(JSON.stringify(payload).split('\\\\').join('/'));" }

The problem was that in some of my messages were to much "" at the same time, so, when there are odd number of “/” (like C:\\\ or C:\\\\\) - it causes invalid payload. It was because of trying to parse already parsed json. I was to lazy to found where exactly is mistake, so I just used transform script.

+1
koinoyokan17 on Jun 11, 2018
Read more comments on GitHub
← sentinl: MapperParsingException[Field name [...] cannot contain '.'
sentinl: puppeteer error when running reports →