It appears there isn't actual documentation on the app, but I'm trying to determine how to send a link inside the Slack message that will link back to Splunk to get the full details. It appears you can use $result.<fieldname>$ to get out particular fields.
Try $results_link$ as defined in email tokens:
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/EmailNotificationTokens
I wish the Splunkbase detailed description included that link.
I am not sure about Slack, but you can try this: just save your alert and copy the link of that alert in the message; it will redirect you to the actual alert details.
I don't see your example, but I think I understand. I can't directly get a link from the alert, but I do have enough information to perform some URL hackery. This, however, won't work if any of the fields extracted from the alert need to be URL encoded (i.e. myfield="foo or > bar").
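The encoding problem raised in the last reply, as an added example that is not part of the original thread: a hand-built search link needs two layers of escaping, first quoting each field value as an SPL string, then percent-encoding the whole search into the URL. The host name, the `/en-US/app/<app>/search?q=...&earliest=...&latest=...` layout, the field-name pattern and all function names are assumptions made for this sketch.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Conservative field-name pattern (an assumption for this example).
FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")


def spl_quote(value):
    """Layer 1: make the value a quoted SPL string literal."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_search_link(base_url, app, fields, earliest="-24h", latest="now"):
    """Layer 2: percent-encode the finished search string into the URL."""
    terms = []
    for name, value in fields.items():
        # Field names come from the alert definition; reject anything odd
        # so a name cannot smuggle extra search terms into the query.
        if not FIELD_NAME.fullmatch(name):
            raise ValueError(f"unexpected field name: {name!r}")
        terms.append(f"{name}={spl_quote(str(value))}")
    params = {"q": "search " + " ".join(terms),
              "earliest": earliest, "latest": latest}
    # quote_via=quote encodes spaces as %20 and also encodes > " & = /
    query = urlencode(params, quote_via=quote)
    return f"{base_url.rstrip('/')}/app/{quote(app, safe='')}/search?{query}"


def decode_query(link):
    """Parse the link back into its query parameters (used for checking)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(link).query).items()}


# Constructed sample values, not taken from a real alert.
SAMPLE_BASE = "https://splunk.example.com:8000/en-US"
SAMPLE_LINK = build_search_link(SAMPLE_BASE, "search", {"myfield": "foo or > bar"})

if __name__ == "__main__":
    print(SAMPLE_LINK)
    print(decode_query(SAMPLE_LINK)["q"])
```

Without the second layer, a value containing `&` or `=` would be read as extra URL parameters, and without the first, a value containing `"` would close the SPL string early.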