Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alerts: Webhook Trigger Action and Slack Incoming WebHooks Custom Integration

dwspncr
Explorer
‎04-21-2017 10:51 AM

I have an Alert that successfully creates an entry in Trigger History via the "Add to Triggered Alerts" Trigger Action; however, the Webhook Trigger Action for the same Alert does not appear to fire.

The webhook URL (of the form https://hooks.slack.com/services/#########/#########/########################) is generated by Slack's Incoming WebHooks Custom Integration, and making a curl request to it is successful.

Any suggestions on how to debug this are appreciated.

Reply

dwspncr
Explorer
‎05-18-2017 11:09 AM

Using the Slack Webhook Alert add-on, as @aaraneta mentions, works.

I'm still not entirely satisfied, though, as all the documentation that I've read seem to indicate that "standard" webhooks should work.

Reply

chadwell
Explorer
‎05-17-2017 09:28 AM

I'm hoping someone can answer this.

Using the provided 'webhook' functionality (without any additional apps etc) - how can we POST to a slack web hook.

I can use Postman on my laptop to post to the slack channel without issue. But when the splunk alert is triggered the webhook seems to do nothing.

Any ideas?>

0 Karma
Reply

known_user
Engager
‎09-30-2017 05:59 AM

How can we integrate without having to configure anything at the splunk enterprise level?

0 Karma
Reply

aaraneta_splunk
Splunk Employee
Splunk Employee
‎04-21-2017 11:25 AM

@dwspncr - Are you using the Slack Webhook Alert add-on in Splunkbase? Or a different Slack related app/add-on in Splunkbase? I just want to make sure your post is tagged appropriately for best visibility. Thank you.

0 Karma
Reply

dwspncr
Explorer
‎04-21-2017 11:33 AM

No add-ons. I was hoping to get it to work using a plain webhook post to Slack.

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...