Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create one webhook for an entire Slack instance?

stephanyvgo
Engager
‎01-06-2020 12:52 PM

I would like to generate a single webhook so that I am able to dynamically enter different channel names instead of having to create a URL for each one. Is this possible?

Tags (1)
0 Karma
Reply

bandit
Motivator
‎01-06-2020 03:07 PM

In the setup page for the Splunk slack addon you can set a default webhook url. After setting the default you should no longer have to specify a webhook for each alert, only the channel. You should only need one web hook per slack instance/company not per channel.

The configuration URL will be something like this.

https://yoursplunkhosthere:8000/en-US/manager/slack_alerts/apps/local/slack_alerts/setup?action=edit

alt text

Reply

stephanyvgo
Engager
‎01-13-2020 09:52 AM

Got it! Thank you very much, but how do I generate the webhook for our company Slack instance? I only know how to generate it for an individual channel.

0 Karma
Reply

bandit
Motivator
‎01-13-2020 11:05 AM

Even though you created the webhook with one channel, I believe it should be usable to post to any channel. A far as I know we only have one webhook defined, however, we are able to post to any valid slack channel. In each alert you will still specify #channel

0 Karma
Reply

stephanyvgo
Engager
‎01-13-2020 11:53 AM

We tried setting up the webhook, but it redirects us to the channel we first set it up for. No matter what we put in #channel it sends us to the configured webhook. Do you mind sharing how you generate yours?

0 Karma
Reply

bandit
Motivator
‎01-14-2020 10:16 AM

It's been a few years since we configured. I'll attempt to track down.

0 Karma
Reply

bandit
Motivator
‎01-19-2020 09:39 PM

I tested on a free Slack instance and had the same issue of it pinning to one channel. This seems like an an issue on the Slack side. I couldn't figure out how to grant more channels to my generic Slack app I created for the purpose of having an incoming webhook. I will post if I find the answer.

0 Karma
Reply
Get Updates on the Splunk Community!

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...