Alerting

How to create one webhook for an entire Slack instance?

stephanyvgo
Engager

I would like to generate a single webhook so that I am able to dynamically enter different channel names instead of having to create a URL for each one. Is this possible?

0 Karma

bandit
Motivator

In the setup page for the Splunk Slack add-on you can set a default webhook URL. After setting the default you should no longer have to specify a webhook for each alert, only the channel. You should only need one webhook per Slack instance/company, not per channel.

The configuration URL will be something like this.

https://yoursplunkhosthere:8000/en-US/manager/slack_alerts/apps/local/slack_alerts/setup?action=edit


stephanyvgo
Engager

Got it! Thank you very much, but how do I generate the webhook for our company Slack instance? I only know how to generate it for an individual channel.

0 Karma

bandit
Motivator

Even though you created the webhook with one channel, I believe it should be usable to post to any channel. As far as I know we only have one webhook defined; however, we are able to post to any valid Slack channel. In each alert you will still specify #channel.

0 Karma

stephanyvgo
Engager

We tried setting up the webhook, but it redirects us to the channel we first set it up for. No matter what we put in #channel it sends us to the configured webhook. Do you mind sharing how you generate yours?

0 Karma

bandit
Motivator

It's been a few years since we configured. I'll attempt to track down.

0 Karma

bandit
Motivator

I tested on a free Slack instance and had the same issue of it pinning to one channel. This seems like an issue on the Slack side. I couldn't figure out how to grant more channels to the generic Slack app I created for the purpose of having an incoming webhook. I will post if I find the answer.

0 Karma