Hello!
I have a search table that matches some values and users, like this:
| is_old_OS_version |
username |
| true |
Bob |
| false |
Marie |
| true |
Alice |
I want to send alerts to slack only to Bob and Alice and not to Marie. I know that I need a slack application and I have already made it.
But how to integrate splunk with this application and chose only to mention the persons I need.
Basically I have 2 strategies here:
1. Send to some channel and mention person I need with @ (not the best option, because I will mention lot's of persons with old software in one place)
2. Send directly to the person
There are multiple splunk applications that helps integrate with slack, but as I see, I can only choose one channel ID for alert, but I need to dynamically change this ID or find another way.
