Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Slack Alert Customization

manish_singh_77
Builder
‎01-17-2020 03:53 AM

Hi Team,

How do we pass link result of splunk alerts in slack from splunk?

Labels (1)
Labels
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎01-17-2020 04:25 AM

Use this app and it's instructions:

https://splunkbase.splunk.com/app/2878/

View solution in original post

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-27-2020 12:54 PM 
curl -X POST -H 'Content-type: application/json' --data '{"text":"Allow me to reintroduce myself!"}' YOUR_WEBHOOK_URL
0 Karma
Reply
Solved! Jump to solution

manish_singh_77
Builder
‎01-28-2020 10:58 PM

@jkat54

How can we run this command from search head url from the search query?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-28-2020 11:53 PM

It's a Linux command you run from a command line shell.

0 Karma
Reply
Solved! Jump to solution

manish_singh_77
Builder
‎01-29-2020 01:21 AM

@jkat54

I tried different slack channel that is using the same webhook url for testing purpose and there also we observed the delay in receiving alerts.

PFB error message that we see in the splunkd.log

ERROR SearchScheduler - Error in 'sendalert' command: Alert script returned error code 255., search='sendalert slack_webhook_alert results_file="/opt/splunk/var/run/splunk/dispatch/scheduler_bXNpbmdoQGFybG8uY29t_c3BsdW5rX2FwcF9qZW5raW5z_RMD55de36a8bbf79c022_at_1580289000_23596_B2217163-89B0-464E-965F-D5D289E35131/results.csv.gz" results_link="********/app/splunk_app_jenkins/@go?sid=scheduler_bXNpbmdoQGFybG8uY29t_c3BsdW5rX2FwcF9qZW5raW5z_RMD55de36a8bbf79c022_at_1580289000_23596_B2217163-89B0-464E-965F-D5D289E35131"'

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-29-2020 04:46 AM

If you try the curl command... which is what slack says to do to test your webhook...:

It will display any errors such as a rate limit

0 Karma
Reply
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...