How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

Engager

I am looking to create a Splunk alert that posts to the Slack channel and mentions a particular user group so a badge appears next to the channel for all members of that particular group. For example: If the alert says 'host is down', I want the user group @prodSA to be mentioned in the alert so they get a badge next to the channel.

Re: How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

Builder

There are some Slack apps that may be able to help with this.

https://splunkbase.splunk.com/app/2878/
https://splunkbase.splunk.com/app/3525/

0 Karma

Re: How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

Motivator

I downvoted this comment because the answer doesn't actually address the question and is extremely unhelpful. The asker has the Slack app installed, but he isn't sure how to create a mention inside the actual alert.

0 Karma

Re: How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

Motivator

I have the same issue. We have critical alerts that we need to send out that explicitly mention certain members with the @ symbol so that they get push notifications on their phones. Is there a way to do this?

"@member1 @member2 @member3" does not work if you put them into "channel name" to DM those three members, nor does it work using commas, nor does it work if you create a Slack channel and send to it and then mention the members. In the latter case "@member1" is just shown as a string and is not an actual mention. Unless I'm wrong, you can't create a channel in Slack that defaults to sending push notifications.

There is one way to achieve the solution, but it involves setting up a separate alert DMing each individual. With 10 people that we need to notify, multiple critical alerts that need push notifications, and frequent modifications, that's not really feasible.

0 Karma

Re: How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

SplunkTrust

Aha! https://api.slack.com/docs/message-formatting#linking_to_channels_and_users

You need to put <@user>

So what you can do is set a field, like eval persontonotify="<@foo>" (or however you will determine the correct person).

And then in the alert use $result.persontonotify$

I just tested and once the user name was in <@user> I got the alerts. Thanks for raising the issue.

Re: How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

Motivator

Thank you!!

0 Karma

Re: How can I create a Splunk alert that posts in Slack channel and has a user group (example: @team) so a badge appears on the channel for the user group members?

Motivator

Another option, if you just want to mention the people statically/directly in the alert body, just use @burwell's solution of the carets like so:

channel: #mychannel
message: Hi, this is an alert from Splunk. <@member1> <@member2> please responded as quickly as possible

and that successfully mentions them instead of just putting the @member1 @member2 as strings.

0 Karma
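
The mention syntax from the accepted answer, as an added example that is not part of the original thread or of either Slack app: a small Python helper that builds the alert text with `<@user>` tokens and escapes event-derived fields so they render literally instead of being parsed as Slack control sequences. It goes beyond the thread by also covering the user-group form `<!subteam^ID>` from Slack's message-formatting documentation; the group ID, the host value and all function names are constructed for illustration.

```python
# Added example, not code from the thread. Names, IDs and the sample row
# are constructed; the channel and member names reuse the thread's examples.

# Slack asks senders to escape these three characters in message text.
# "&" must be replaced first so the other entities are not double-escaped.
_ESCAPES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"))


def escape_text(value):
    """Escape event-derived text so it cannot form a <...> sequence."""
    text = str(value)
    for raw, safe in _ESCAPES:
        text = text.replace(raw, safe)
    return text


def _checked(identifier):
    # Mention targets should come from alert configuration, never from
    # event data; reject anything outside a conservative character set.
    if not identifier or not all(c.isalnum() or c in "._-" for c in identifier):
        raise ValueError("bad mention target: %r" % (identifier,))
    return identifier


def user_mention(user):
    """<@user> token, the form the thread confirmed produces a notification."""
    return "<@%s>" % _checked(user)


def group_mention(group_id):
    """<!subteam^ID> token for a Slack user group (ID is a placeholder)."""
    return "<!subteam^%s>" % _checked(group_id)


def build_payload(channel, row, users=(), groups=()):
    """Return the message dict for one search result row."""
    mentions = [user_mention(u) for u in users]
    mentions += [group_mention(g) for g in groups]
    text = "Host %s is %s. %s" % (
        escape_text(row["host"]),
        escape_text(row["status"]),
        " ".join(mentions),
    )
    return {"channel": channel, "text": text.strip()}
```

In a Splunk alert the same split applies: keep the mention tokens in a field set by `eval` or in the static message, and treat any other `$result.field$` value taken from events as text that needs escaping.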