Slack Notification Setup Problems

wweiland
Contributor

Hi,

I'm trying to set up the Slack notification app and I'm having issues. When I use the webhook that I generated and CURL, I'm able to send messages to any channel. When I try and use the app with the webhook configured, I get the following errors:

07-12-2016 07:55:58.294 -0700 INFO sendmodalert - action=slack - Alert action script completed in duration=200 ms with exit code=0
07-12-2016 07:55:58.290 -0700 FATAL sendmodalert - action=slack STDERR - Sending the slack message failed
07-12-2016 07:55:58.289 -0700 ERROR sendmodalert - action=slack STDERR - Error sending message: HTTP Error 404: Not Found

Can anyone give any guidance on how this is set up?

TIA!

0 Karma
1 Solution

wweiland
Contributor

Found my problem. I had to generate a new webhook. The alerts that I had created before the change didn't update with the new webhook. I had to delete those and recreate.

ppanchal
Path Finder

How did you generate a new webhook?

0 Karma

woodcock
Esteemed Legend

Click Accept on this answer.

0 Karma

muebel
SplunkTrust

Hi wweiland, My guess is that, given the 404 response, there is something malformed about the configured webhook URL. I'd investigate the savedsearch stanza via advanced edit, or simply as it exists on the filesystem. Compare the URL there alongside the successful attempt via CURL and modify as needed.

Note that, although the slack addon has an overall and default webhook URL, this can be configured per search as well.

Please let me know if this answers your question!

0 Karma
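The comparison suggested in the answer above, together with the stale per-alert webhook described in the accepted solution, as an added sketch (not code from the thread or from the Slack add-on). The key names `param.webhook_url` and `action.slack.param.webhook_url` are assumptions based on Splunk's `action.<name>.param.<param>` convention, and the configuration text is constructed.

```python
import hashlib
from urllib.parse import urlsplit

# Assumed key names (not confirmed by the thread); adjust to your app version.
DEFAULT_KEY = "param.webhook_url"                # [slack] in alert_actions.conf
OVERRIDE_KEY = "action.slack.param.webhook_url"  # per search, savedsearches.conf

def parse_conf(text):
    """Minimal .conf reader: {stanza: {key: value}}; comment lines are skipped."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and not line.startswith("#") and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def fingerprint(url):
    """Webhook URLs are bearer secrets: report a short hash, never the URL."""
    return hashlib.sha256(url.encode()).hexdigest()[:8]

def audit(alert_actions_text, savedsearches_text):
    """Return [(search, issue, fingerprint)] for per-search webhook URLs to check."""
    default = parse_conf(alert_actions_text).get("slack", {}).get(DEFAULT_KEY, "")
    findings = []
    for name, keys in parse_conf(savedsearches_text).items():
        url = keys.get(OVERRIDE_KEY)
        if not url:
            continue  # this search inherits the add-on default
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.netloc or not parts.path.strip("/"):
            findings.append((name, "malformed", fingerprint(url)))
        elif url != default:
            findings.append((name, "differs-from-default", fingerprint(url)))
    return findings

# Constructed sample configuration; the URLs are placeholders, not real webhooks.
ALERT_ACTIONS = """[slack]
param.webhook_url = https://hooks.slack.com/services/TNEW/BNEW/new-placeholder
"""
SAVEDSEARCHES = """[Failed logins]
action.slack.param.webhook_url = https://hooks.slack.com/services/TOLD/BOLD/old-placeholder
[Disk usage]
action.slack = 1
[Cert expiry]
action.slack.param.webhook_url = hooks.slack.com/services/TNEW/BNEW/new-placeholder
"""
print(audit(ALERT_ACTIONS, SAVEDSEARCHES))  # fingerprints only, no URLs
```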

wweiland
Contributor

Thank you again for your suggestion.
