Hello, I'm new to Splunk and I am trying to send some alerts to MS Teams. My alert runs every 5 minutes.
I already installed the Microsoft Teams Webhook Alert Connector & Microsoft Teams Alerts in my Splunk Enterprise. I created a webhook in my MS Teams and added that to my Alert in Splunk although I'm still not receiving anything. On the other hand, I was able to get alerts from the Triggered Alerts.
Is there anything I missed? Thank you in advance for any help!
There are problems with two of the fields in the action:
"Card Image URL" cannot be blank - make sure an image of some sort is in here. Needs to be a .PNG file and cannot be too big; not sure of the actual size limit. This can't be blank because otherwise Teams will not accept the webhook call.
"Card Theme Hex Color" should not include the pound/hash (#) sign. Just put "DC143C" in this field.
Try that - that should work!
The other thing I'll suggest is to send body text with the alert. For example, using the query shown in your screenshot, pass a field called 'messagetext' to the alert. This is easily done with the strcat command like this: source="test.log" "error received" earliest=-5m latest=now | stats count | strcat "Error " fieldfromyoursearch " received " count " times." messagetext
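As an added illustration of the two field rules in this answer (a non-blank .png image URL and a theme colour given as bare hex digits without the "#"), here is a small Python script that takes a Splunk alert result row carrying the 'messagetext' field and builds the JSON a Teams incoming webhook accepts. This is example code written for this thread, not part of the Splunk add-on; it assumes the legacy Teams MessageCard schema (themeColor, sections[].activityImage) and uses a placeholder webhook URL and a constructed alert row.

```python
import json
import re
import urllib.request

# Six hex digits, no leading '#': this is what the Teams card expects.
HEX_COLOR = re.compile(r"^[0-9A-Fa-f]{6}$")

# Placeholder only; a real webhook URL is a secret and should come from config.
WEBHOOK_URL = "https://example.invalid/webhook/PLACEHOLDER"


def normalize_theme_color(value):
    """Strip a leading '#' and validate that what remains is 6 hex digits."""
    color = value.strip().lstrip("#")
    if not HEX_COLOR.match(color):
        raise ValueError(f"theme color must be 6 hex digits, got {value!r}")
    return color.upper()


def validate_image_url(image_url):
    """The card image URL must not be blank and must point at a .png file."""
    url = (image_url or "").strip()
    if not url:
        raise ValueError("card image URL must not be blank")
    if not url.lower().endswith(".png"):
        raise ValueError(f"card image must be a .png file, got {url!r}")
    return url


def build_message_card(title, message_text, theme_hex, image_url, facts=None):
    """Assemble a legacy Teams MessageCard payload (assumed schema) from alert fields."""
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "themeColor": normalize_theme_color(theme_hex),
        "summary": title,
        "title": title,
        "text": message_text,
        "sections": [
            {
                "activityImage": validate_image_url(image_url),
                "facts": [{"name": k, "value": str(v)} for k, v in (facts or {}).items()],
            }
        ],
    }


def card_from_splunk_result(result, theme_hex="DC143C", image_url="https://example.invalid/alert.png"):
    """Map one alert result row (as the strcat search above would produce) onto a card."""
    return build_message_card(
        title="Splunk alert: error received",
        message_text=result["messagetext"],
        theme_hex=theme_hex,
        image_url=image_url,
        facts={"count": result.get("count", "")},
    )


def post_card(card, webhook_url=WEBHOOK_URL, opener=urllib.request.urlopen):
    """POST the card as JSON; returns the HTTP status. Not called during import."""
    body = json.dumps(card).encode("utf-8")
    req = urllib.request.Request(
        webhook_url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with opener(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed sample row, shaped like the output of the strcat search in the answer.
    sample_row = {"count": "3", "messagetext": "Error timeout received 3 times."}
    print(json.dumps(card_from_splunk_result(sample_row, theme_hex="#DC143C"), indent=2))
```

Passing "#DC143C" is silently corrected to "DC143C", while a blank image URL or a non-.png file raises before anything is sent, so the misconfiguration shows up locally rather than as a silently dropped webhook call.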