Hi, am trying to get the Splunk Health report to alert to Splunk.
I have created health.conf in etc/system/local:
[health_reporter]
alert.disabled = 0
alert.actions = slack
[alert_action:slack]
action.slack = 1
action.slack.param.channel = #somechan
action.slack.param.message = HEALTH ALERT
Is this the right way to configure it? Have tried to get an alert triggered but am not seeing messages come to Slack (we have other saved searches that are working to Slack).
@brettcave checking in to see if you were able to get this resolved. Looking at doing the same thing here.
Thank you!
Hi @brettcave,
Are you using this app?
https://splunkbase.splunk.com/app/2878/#/details
The best way to troubleshoot your issue is to check your _internal logs for errors. You should be able to see some Slack-related warnings or errors mentioning what's going wrong.
Hi @DavidHourani - yep, using that app. Am posting looking for feedback on whether that config looks right.
Could you please post what errors you're getting in your logs?