Slack alert action does not work, when "equals 0" trigger parameter is in use and "Fields" are defined in that Slack alert action.

[BartekZm]

Describe the bug
Slack alert action does not work, when "equals 0" trigger parameter is in use and "Fields" are defined in that Slack alert action.

To Reproduce
Steps to reproduce the behavior:

1. Create a saved search with alert trigger "equals 0" parameter.
2. Add Slack alert action, define any field in the "Fields" field (eg. index, sourcetype)
3. The alert action fails to be triggered (=no message in Slack). In Splunk "sendmodalert" thread you will see the following traceback:
   Unexpected error:<class 'AttributeError'> Traceback (most recent call last): File "/opt/splunk/etc/apps/slack_alerts/bin/slack.py", line 117, in send_slack_message json.dumps(build_slack_message(payload)) File "/opt/splunk/etc/apps/slack_alerts/bin/slack.py", line 97, in build_slack_message params['attachments'] = [dict(fields=build_fields_attachment(payload))] File "/opt/splunk/etc/apps/slack_alerts/bin/slack.py", line 27, in build_fields_attachment available_fields = list(res.keys()) AttributeError: 'NoneType' object has no attribute 'keys' Alert action failed Alert action script completed in duration=31 ms with exit code=6

^ I struggle to format the log snippet in GH, please see the additional context for raw log snippet.

Expected behavior
Slack alert should be triggered when "fields" are listed and "equals 0" is used as a trigger condition.

Screenshots

Splunk Environment:

• Splunk Version: 8.2.2203.3
• OS: Linux
• Cloud: Splunk Cloud

Additional context
Workarounds:

1. Don't define any "Fields" in the Slack alert action, when the alert trigger condition is set to "equals 0".
2. When you need to specify "Fields" in the Slack alert action, use any different trigger condition but the "equals 0".

08-24-2022 08:58:01.037 +0000 INFO sendmodalert [57503 AlertNotifierWorker-0] - Invoking modular alert action=slack for search="999" sid="scheduler__admin__search__999_at_1661331480_1704" in app="search" owner="admin" type="saved"
08-24-2022 08:58:01.069 +0000 INFO sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - Running python 3
08-24-2022 08:58:01.069 +0000 WARN sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - Validation warning: Parameter attachment must be ether "alert_link" or "message"
08-24-2022 08:58:01.069 +0000 INFO sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - Using configured webhook URL:
08-24-2022 08:58:01.069 +0000 FATAL sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - Unexpected error:<class 'AttributeError'>
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - Traceback (most recent call last):
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - File "/opt/splunk/etc/apps/slack_alerts/bin/slack.py", line 117, in send_slack_message
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - body = json.dumps(build_slack_message(payload))
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - File "/opt/splunk/etc/apps/slack_alerts/bin/slack.py", line 97, in build_slack_message
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - params['attachments'] = [dict(fields=build_fields_attachment(payload))]
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - File "/opt/splunk/etc/apps/slack_alerts/bin/slack.py", line 27, in build_fields_attachment
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - available_fields = list(res.keys())
08-24-2022 08:58:01.069 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - AttributeError: 'NoneType' object has no attribute 'keys'
08-24-2022 08:58:01.069 +0000 FATAL sendmodalert [57503 AlertNotifierWorker-0] - action=slack STDERR - Alert action failed
08-24-2022 08:58:01.072 +0000 INFO sendmodalert [57503 AlertNotifierWorker-0] - action=slack - Alert action script completed in duration=31 ms with exit code=6
08-24-2022 08:58:01.072 +0000 WARN sendmodalert [57503 AlertNotifierWorker-0] - action=slack - Alert action script returned error code=6
08-24-2022 08:58:01.072 +0000 ERROR sendmodalert [57503 AlertNotifierWorker-0] - Error in 'sendalert' command: Alert script returned error code 6.
08-24-2022 08:58:01.072 +0000 ERROR SearchScheduler [57503 AlertNotifierWorker-0] - Error in 'sendalert' command: Alert script returned error code 6., search='sendalert slack results_file="/opt/splunk/var/run/splunk/dispatch/scheduler__admin__search__999_at_1661331480_1704/results.srs.zst" results_link=
08-24-2022 08:58:01.072 +0000 INFO sendmodalert [57503 AlertNotifierWorker-0] - Invoking modular alert action=victorops for search="999" sid="scheduler__admin__search__999_at_1661331480_1704" in app="search" owner="admin" type="saved"

[leandropadua]

we are getting spammed with errors

AttributeError: 'NoneType' object has no attribute 'keys'

Any chance this error can be fixed. There's an open PR for it. Thanks