Hello dear Splunkers. I'm a new Splunk user. I have a question about Telegram Alert Action (TAA).
Right now I'm training with my syslogs and have set TAA to send me alerts. I want to add more info to my alert, like Time and Date, IP. Could you help me with that?
Hello dear Splunkers. I am a new Splunk user. I have a question about Telegram Alert Action (TAA).
I am currently practicing with my Splunk forwarder and have set TAA to send me a warning. How do I send a warning to Telegram? Can you help me with that?
Hello Nazar,
First you have to install the Telegram alert add-on; then you'll have an option to send alerts via a Telegram bot. After that, when you create an alert, press the add action option and you will have a choice to add a Telegram Alert.
Now create a bot via BotFather in Telegram and get its Bot ID. Follow that by writing something to your Telegram bot, for example: "Hey bot, whatsup?".
Continue by getting the list of updates for your bot:
follow the link https://api.telegram.org/bot/getUpdates
Example:
https://api.telegram.org/bot123456789:jbd78sadvbdy63d37gda37bd8/getUpdates
There you might find your chat ID for the Telegram Alert.
Now add the chat ID and Bot ID into the alert and then you should be done.
Welcome. I wish you will become a very good Splunk engineer!
I'm working on rewriting this so that you can include custom fields in the response to Telegram. Hopefully I will have it released mid-June.
Thank you!
Did you release it? It is already July now.
Yes, this is possible, but it would be helpful if you could share your existing search so we can help you refine it to include this data.
Thank you for your response! However I've already solved that issue. Had to do some python editing in Telegram Alert app files. 🙂
Hi @damiko
Tell me where in the script telegram.py you edited so that you could add more fields to the alert?
Hey Aleksey, we did that in a group, so I might be wrong; however, please check my way below.
message = config.get('message')
severity = config.get('severity')
chat = config.get('chat')
message = "Splunk: {0} \nSeverity: {1} \nМsg: {2}".format(splunkSearch, severity, message)
Try adding more variables of your own.
Also add more code in the HTML (alert_telegram/default/data/ui/telegram.html):
<div class="control-group">
<label class="control-label" for="telegram_message">Message</label>
<div class="controls">
<input type="text" name="action.telegram.param.message" id="telegram_message" placeholder="e.g. URGENT! Please Action! " />
<span class="help-block">The message delivered to the bot</span>
</div>
</div>
^ like this. Change "Message" for your own fields.
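The field-adding approach described in the post above, as an added example that is not the add-on's own code or any poster's: it builds the same "Splunk / Severity / Msg" text and appends chosen result fields such as the event time and source IP. It assumes the JSON payload Splunk passes to a custom alert action (`search_name`, `configuration`, `result`); the `fields` parameter and the sample values are hypothetical.

```python
import json
from datetime import datetime, timezone

TELEGRAM_TEXT_LIMIT = 4096  # maximum length of a sendMessage text


def format_value(name, value):
    """Render one result field; _time is epoch seconds in Splunk results."""
    if name == "_time":
        try:
            ts = datetime.fromtimestamp(float(value), tz=timezone.utc)
            return ts.strftime("%Y-%m-%d %H:%M:%S UTC")
        except (TypeError, ValueError):
            pass  # fall through and show the raw value
    # Collapse newlines so a logged value cannot forge extra "Field: value" lines.
    return " ".join(str(value).split())


def build_message(payload):
    """Build the alert text from the alert-action payload Splunk passes on stdin."""
    config = payload.get("configuration", {})
    result = payload.get("result", {})
    lines = [
        "Splunk: {0}".format(payload.get("search_name", "")),
        "Severity: {0}".format(config.get("severity", "")),
        "Msg: {0}".format(config.get("message", "")),
    ]
    # "fields" is a hypothetical extra parameter: comma-separated result field names.
    for name in [f.strip() for f in config.get("fields", "").split(",") if f.strip()]:
        if name in result:
            lines.append("{0}: {1}".format(name, format_value(name, result[name])))
    text = "\n".join(lines)
    if len(text) > TELEGRAM_TEXT_LIMIT:
        text = text[:TELEGRAM_TEXT_LIMIT - 3] + "..."
    return text


# Constructed sample payload, shaped like the JSON a custom alert action receives.
SAMPLE_PAYLOAD = json.loads("""{
  "search_name": "Failed SSH logins",
  "configuration": {"message": "Check the host", "severity": "high",
                    "chat": "-1000000000", "fields": "_time, src_ip, user"},
  "result": {"_time": "1700000000", "src_ip": "192.0.2.10",
             "user": "root\\nSeverity: low"}
}""")

if __name__ == "__main__":
    print(build_message(SAMPLE_PAYLOAD))
```

Field values come from logged data, so the newline collapsing matters: without it, the constructed `user` value would show up in the chat as a second, false "Severity" line.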
He said that he already solved this problem!
Yes, it is possible!
Thank you for your very broad answer!
Not at all.