I am looking to create a Splunk alert that posts to the Slack channel and mentions a particular user group so a badge appears next to the channel for all members of that particular group. For example: If the alert says 'host is down', I want the user group @prodSA to be mentioned in the alert so they get a badge next to the channel.
If you are looking to @ a user group within the Slack alert, I found this in the Slack API docs. Tested and confirmed, it works. https://api.slack.com/reference/surfaces/formatting#linking_to_channels_and_users
To mention a user group in app-published text, you need to provide the group ID in the following general syntax:
`<!subteam^ID>`
!subteam^ is a literal string that should not change, but ID should be replaced with the actual user group ID. Here's an example:
Hey <!subteam^SAZ94GDB8>, there's a new task in your queue.
Your app can get this group ID from the Event API payload sent when one of the subteam event types occurs, or by looking them up via the usergroups.list Web API.
You can also manually retrieve a specific user group's ID from the URL shown when viewing its profile (highlighted here):
When text containing the user group mention syntax is published by an app, the ID will be automatically converted to show the name of the user group.
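The lookup and mention syntax from the answer above, as an added example that is not part of the original thread or of Slack's or Splunk's own code. It assumes a response shaped like the `usergroups.list` Web API output (the sample data, handles and function names are constructed here) and checks the ID shape before building the mention, so a value taken from a search result field cannot turn into some other mention.

```python
import re

# Constructed sample shaped like a usergroups.list Web API response;
# the handles, names and second ID are made up for this example.
SAMPLE_USERGROUPS_LIST = {
    "ok": True,
    "usergroups": [
        {"id": "SAZ94GDB8", "handle": "prodsa", "name": "Production SA"},
        {"id": "S0EXAMPLE1", "handle": "netops", "name": "Network Ops"},
    ],
}

# Assumption: IDs are uppercase alphanumerics; user group IDs start with "S",
# member IDs with "U" or "W".
GROUP_ID = re.compile(r"S[A-Z0-9]{5,}")
MEMBER_ID = re.compile(r"[UW][A-Z0-9]{5,}")


def group_id_for_handle(response, handle):
    """Look up a user group ID by handle in a usergroups.list-style response."""
    if not response.get("ok"):
        raise ValueError("usergroups.list call failed")
    wanted = handle.lstrip("@").lower()
    for group in response.get("usergroups", []):
        if group.get("handle", "").lower() == wanted:
            return group["id"]
    raise KeyError(f"no user group with handle {handle!r}")


def group_mention(group_id):
    """Return <!subteam^ID>, refusing anything that is not a group ID."""
    if not GROUP_ID.fullmatch(group_id):
        raise ValueError(f"not a user group ID: {group_id!r}")
    return f"<!subteam^{group_id}>"


def member_mention(member_id):
    """Return <@ID>, refusing anything that is not a member ID."""
    if not MEMBER_ID.fullmatch(member_id):
        raise ValueError(f"not a member ID: {member_id!r}")
    return f"<@{member_id}>"


def alert_text(body, group_handle, member_ids=(), response=SAMPLE_USERGROUPS_LIST):
    """Build alert text that mentions one user group and optional members."""
    mentions = [group_mention(group_id_for_handle(response, group_handle))]
    mentions += [member_mention(m) for m in member_ids]
    return " ".join(mentions) + " " + body
```
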
Aha! : https://api.slack.com/docs/message-formatting#linking_to_channels_and_users
You need to put <@user>
So what you can do is to set a field, like `eval person_to_notify="<@foo>"` (or however you will determine the correct person).
And then in the alert use `$result.person_to_notify$`
I just tested and once the user name was in <@user> I got the alerts. Thanks for raising the issue.
For the user ID, use the steps below to get the ID; it is not the same as the channel ID. You need to get the member ID:
https://api.slack.com/reference/surfaces/formatting#mentioning-users
Thank you!!
Another option, if you just want to mention the people statically/directly in the alert body, just use @burwell's solution of the carets like so:
channel: #mychannel
message: Hi, this is an alert from Splunk. <@member1> <@member2> please responded as quickly as possible
and that successfully mentions them instead of just putting the @member1 @member2 as strings.
I have the same issue. We have critical alerts that we need to send out that explicitly mention certain members with the @ symbol so that they get push notifications on their phones. Is there a way to do this?
"@member1 @member2 @member3" does not work if you put them into "channel name" to DM those three members, nor does it work using commas, nor does it work if you create a Slack channel and send to it and then mention the members. In the latter case "@member1" is just shown as a string and is not an actual mention. Unless I'm wrong, you can't create a channel in Slack that defaults to sending push notifications.
There is one way to achieve the solution, but it involves setting up a separate alert DMing each individual. With 10 people that we need to notify, multiple critical alerts that need push notifications, and frequent modifications, that's not really feasible.
There are some Slack apps that may be able to help with this..
https://splunkbase.splunk.com/app/2878/
https://splunkbase.splunk.com/app/3525/
I downvoted this comment because the answer doesn't actually address the question and is extremely unhelpful. The asker has the Slack app installed, but he isn't sure how to create a mention inside the actual alert.