All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Alert to MS Teams Is not Working

juliennerocafor
New Member
‎04-28-2020 11:38 PM

Hello, I'm new to Splunk and I am trying to send some alerts to MS Teams. My alert runs every 5 minutes.

alt text

I already installed the Microsoft Teams Webhook Alert Connector & Microsoft Teams Alerts in my Splunk Enterprise. I created a webhook in my MS Teams and added that to my Alert in Splunk although I'm still not receiving anything. On the other hand, I was able to get alerts from the Triggered Alerts.

alt text

Anything I missed on doing? Thank you in advanced for any help!

Preview file
43 KB
Preview file
46 KB
0 Karma
Reply

kd007
New Member
‎04-29-2020 06:38 AM

Hi juliennerocafort!
There are problems with two of the fields in the action:

  1. "Card Image URL" cannot be blank - make sure an image of some sort is in here. Needs to be a .PNG file and cannot be too big; not sure of the actual size limit. This can't be blank because otherwise Teams will not accept the webhook call.
  2. "Card Theme Hex Color" should not include the pound/hash (#) sign. Just put "DC143C" in this field.

Try that - that should work!

The other thing I'll suggest is to send body text with the alert. For example, using the query shown in your screenshot, pass a field called 'messagetext' to the alert. This is easily done with the strcat command like this:
source="test.log]" "error received" earliest=-5m latest=now | stats count | strcat "Error " fieldfromyoursearch " received " count " times." messagetext

To read more about the strcat command you can read Splunk's documentation here: https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Strcat
You can also read our documentation on this alert action here:
https://www.groundsecurity.com/splunk-app-microsoft-teams-alert-cards/

Hope this helps - please let us know if you still have trouble getting it to work!

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...