Slack Notification Alert: Any way to send an inline table like email alert does?

worshamn
Contributor

I think I know the answer but I was hoping it wasn't so. Is there any way to send an inline table to Slack as part of the alert action from Slack Notification Alert app similar to how email alerts have that option? I know you could send a slack per result, but that would look ugly and not communicate what a table could say. I have used the slackit app which can send a text table, however it does not have an alert action like this app does (because I want to only send if there exist results).

0 Karma

richard_wilhite
Explorer

The issue is one part Slack formatting, one part Splunk data, I believe. I was also looking at this the other day, and here are some links that might help you.

I didn't dig much further. What I wanted to post in Slack didn't seem to justify the time a full solution would require. However, this may make for a nice project over the winter break.

0 Karma

nadlurinadluri
Communicator

I know this is too old, but any luck with this?

0 Karma

russellliss
Path Finder

Have you tried to use the $result.fieldname$ token, and change the trigger to "For each result", otherwise you will just get the first row?

0 Karma

worshamn
Contributor

When I said "I know you could send a slack per result" I was referring to "For each result". But as I mentioned that would really look ugly in Slack and not communicate as well what a table can say.

0 Karma

manish_singh_77
Builder

@worshamn

Is there no way we can add inline table results of Splunk query to Slack messenger?

0 Karma

nadlurinadluri
Communicator

The best way would be to make it multivalued and send the first event alone. That way the first row will consist of the other data too.

0 Karma

worshamn
Contributor

I so far only know of an older app that was archived which creates a text table in Slack https://splunkbase.splunk.com/app/2784/

0 Karma
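
The text-table approach discussed in this thread, as an added example that is not part of any post above and is not code from either app: it renders result rows as one aligned table inside a Slack code block, builds nothing when there are no results, and escapes the characters Slack treats as control characters, since field values come from log data. The function names, the sample rows and the `MAX_CHARS` budget are assumptions; the payload shape is the `text` field of a Slack incoming webhook.

```python
import json

FENCE = "`" * 3   # Slack code-block delimiter, built here so it cannot end this listing
MAX_CHARS = 3000  # assumed size budget for one message; adjust as needed

def clean(value):
    """Flatten one cell: join multivalue fields, drop newlines and backticks."""
    if isinstance(value, (list, tuple)):
        value = ", ".join(str(v) for v in value)
    text = "" if value is None else str(value)
    return " ".join(text.replace("`", "'").split())

def escape(text):
    """Escape &, < and > so values like <!channel> are shown, not interpreted."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def render_table(rows, fields):
    """Return an aligned text table in a code block, or None when rows is empty."""
    if not rows:
        return None  # no results, so no message
    cells = [[clean(r.get(f)) for f in fields] for r in rows]
    widths = [max(len(f), *(len(c[i]) for c in cells)) for i, f in enumerate(fields)]
    def line(values):  # pad on the raw text first, escape afterwards
        return escape("  ".join(v.ljust(w) for v, w in zip(values, widths)).rstrip())
    out = [line(fields), line(["-" * w for w in widths])]
    shown = 0
    for c in cells:
        candidate = line(c)
        if sum(len(x) + 1 for x in out) + len(candidate) > MAX_CHARS:
            break  # stop before the table outgrows the budget
        out.append(candidate)
        shown += 1
    note = "" if shown == len(cells) else f"\n({len(cells) - shown} more rows not shown)"
    return f"{FENCE}\n" + "\n".join(out) + f"\n{FENCE}{note}"

def build_payload(rows, fields, title):
    """Build the JSON body for a Slack incoming webhook, or None for no results."""
    table = render_table(rows, fields)
    if table is None:
        return None
    return json.dumps({"text": f"*{escape(title)}*\n{table}"})

# Constructed sample rows, shaped like the result rows of a search.
SAMPLE = [
    {"host": "web01", "user": "alice", "count": 12},
    {"host": "db-primary", "user": "<!channel>", "count": ["3", "4"]},
]
```

Padding is computed on the unescaped text, so columns stay aligned once Slack decodes the entities.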