Splunk alerts wont go to Slack via Slack Webhook Alert

New Member

Hello everyone,

I want to send a Splunk alert to Slack channel. Below are the steps I have followed. However the alert wont be sent to Slack using the Slack Webhook Alert

  • I have created a Webhook in slack
  • Put it into Splunk alert.


  1. Webhook is working as from other apps we are receiving alerts
  2. Alert is working as I have tested the same alert with email
  3. I have also not left the message field empty and it has ""  ( As advised by a previous Splunk post)

Kindly advise how I could resolve this issue.


Kind Regards,


Labels (2)
Tags (4)
0 Karma


Hi.  There are several apps on Splunkbase. The one we use is

1) I got a Slack web hook and modify an alert_actions.conf


param.webhook_url =


2) easy test is to just send to yourself.  My Slack username is myuser. It arrives as Slackbot in Slack.


| sendalert slack"@myuser" param.message="Friday test"


 3) And it works.  Look in  _audit


Audit:[timestamp=02-05-2021 22:03:32.419, user=myuser, action=search, info=granted , search_id='1612562612.438546_EC468701-9D5D-4C6B-B22C-9B179F397BB8', search='| sendalert slack"@myuser" param.message="Friday test"', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Feb  5 21:48:32 2021', apiEndTime='Fri Feb  5 22:03:32 2021', savedsearch_name=""][n/a]



Furthermore if I specified a bad username or bad slack channel


| sendalert slack"#nosuchchannel" param.message="Friday test"


I get an error in the browser

Error in 'sendalert' command: Alert script returned error code 5.
The search job has failed due to an error. You may be able view the job in the Job Inspector.

If you look in the job inspector you can see the actual error


2-05-2021 22:08:21.401 INFO  sendmodalert - action=slack STDERR -  Running python 3
02-05-2021 22:08:21.401 WARN  sendmodalert - action=slack STDERR -  Validation warning: Parameter `attachment` must be ether "alert_link" or "message"
02-05-2021 22:08:21.401 INFO  sendmodalert - action=slack STDERR -  Using configured webhook URL:
02-05-2021 22:08:21.401 ERROR sendmodalert - action=slack STDERR -  HTTP request to Slack webhook URL failed: HTTP Error 404: Not Found
02-05-2021 22:08:21.401 ERROR sendmodalert - action=slack STDERR -  Slack error response: b'channel_not_found'
02-05-2021 22:08:21.401 FATAL sendmodalert - action=slack STDERR -  Alert action failed
02-05-2021 22:08:21.407 INFO  sendmodalert - action=slack - Alert action script completed in duration=230 ms with exit code=5
02-05-2021 22:08:21.407 WARN  sendmodalert - action=slack - Alert action script returned error code=5
02-05-2021 22:08:21.446 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 5.



Tags (1)
Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...