Telegram Alert Action. Is it possible to add more info to the alert?

damiko
Communicator

Hello dear Splunkers. I'm a new Splunk user. I have a question about Telegram Alert Action (TAA).
Right now I'm training with my syslogs and have set TAA to send me alerts. I want to add more info to my alert, like Time and Date, IP. Could you help me with that?

nazar05
New Member

Hello dear Splunkers. I am a new Splunk user. I have a question about Telegram Alert Action (TAA).
I am currently practicing with my Splunk forwarder and have set TAA to send me a warning. How do I send a warning to Telegram? Can you help me with that?

0 Karma

damiko
Communicator

Hello Nazar,
First you have to install the Telegram alert add-on; then you'll have an option to send alerts via a Telegram bot. After that, when you create an alert, press the add action option and you will have a choice to add Telegram Alert.
Now create a bot via Bot_Father in Telegram and get its Bot ID. Follow that by writing something to your Telegram bot, for example: "Hey bot, whatsup?".
Continue by getting the list of updates for your bot:
follow the link https://api.telegram.org/bot/getUpdates
Example:

https://api.telegram.org/bot123456789:jbd78sadvbdy63d37gda37bd8/getUpdates

There you might find your chat id for Telegram Alert.

Now add the chat ID and Bot ID to the alert, and then you should be done.

askhat_pernebek
Path Finder

Welcome. Wish you will become a very good Splunk engineer!

0 Karma

ragedsparrow
SplunkTrust

I'm working on rewriting this so that you can include custom fields in the response to Telegram. Hopefully I will have it released mid-June.

damiko
Communicator

Thank you!

0 Karma

askhat_pernebek
Path Finder

Did you release it? It is already July now.

0 Karma

nickhills
Ultra Champion

Yes, this is possible, but it would be helpful if you could share your existing search so we can help you refine it to include this data.

If my comment helps, please give it a thumbs up!

damiko
Communicator

Thank you for your response! However I've already solved that issue. Had to do some python editing in Telegram Alert app files. 🙂

0 Karma

Aleksey_18
New Member

Hi @damiko
Tell me where in the script telegram.py you edited so that you could add more fields to the alert?

0 Karma

damiko
Communicator

Hey Aleksey, we did that in a group, so I might be wrong; however, please check my way below.

    # splunkSearch is not defined in this excerpt; it comes from elsewhere in the script
    message = config.get('message')
    severity = config.get('severity')
    chat = config.get('chat')
    # Build the text that is sent to the Telegram chat
    message = "Splunk: {0} \nSeverity: {1} \nMsg: {2}".format(splunkSearch, severity, message)

Try adding more variables of your own.
Also add more code in the HTML (alert_telegram/default/data/ui/telegram.html)

    <div class="control-group">
        <label class="control-label" for="telegram_message">Message</label>
        <div class="controls">
            <input type="text" name="action.telegram.param.message" id="telegram_message" placeholder="e.g. URGENT! Please Action! " />
            <span class="help-block">The message delivered to the bot</span>
        </div>
    </div>

^ like this. Change "Message" to your own fields.

0 Karma
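
An added example, not part of this thread and not the Telegram Alert Action app's own code: one way to build the message with extra fields such as time and source IP from the JSON payload Splunk passes to a custom alert action script. The function names, the `src_ip` field and the sample payload are assumptions; `message`, `severity` and `chat` are the parameters shown in the post above.

```python
import json

TELEGRAM_MAX_TEXT = 4096  # Telegram Bot API limit for a sendMessage text

def build_alert_text(payload, extra_fields=("_time", "host", "src_ip")):
    """Build the alert text from a Splunk custom alert action payload.

    'configuration' holds the action.telegram.param.* values and
    'result' holds the first result row of the search.
    """
    config = payload.get("configuration", {})
    result = payload.get("result", {})
    lines = [
        "Splunk: {0}".format(payload.get("search_name", "unknown search")),
        "Severity: {0}".format(config.get("severity", "n/a")),
        "Msg: {0}".format(config.get("message", "")),
    ]
    for name in extra_fields:
        # A field the search did not return is shown as "-" instead of
        # raising KeyError and losing the whole alert.
        value = result.get(name)
        lines.append("{0}: {1}".format(name, value if value not in (None, "") else "-"))
    text = "\n".join(lines)
    # Log-derived values can be arbitrarily long; stay under the API limit.
    if len(text) > TELEGRAM_MAX_TEXT:
        text = text[: TELEGRAM_MAX_TEXT - 3] + "..."
    return text

def build_send_params(payload, extra_fields=("_time", "host", "src_ip")):
    """Return sendMessage parameters. No parse_mode is set, so values
    taken from logs are delivered as plain text, not interpreted as markup."""
    chat = payload.get("configuration", {}).get("chat")
    if not chat:
        raise ValueError("no chat ID configured for the alert action")
    return {"chat_id": chat, "text": build_alert_text(payload, extra_fields)}

# Constructed sample payload (not real data); src_ip is an assumed field name.
SAMPLE_PAYLOAD = json.loads("""{
  "search_name": "Failed SSH logins",
  "configuration": {"message": "Check this host", "severity": "high", "chat": "100200300"},
  "result": {"_time": "1700000000", "host": "gw01", "src_ip": "192.0.2.10"}
}""")

if __name__ == "__main__":
    print(build_send_params(SAMPLE_PAYLOAD)["text"])
```

The search has to return the extra fields (for example via `| table _time host src_ip`) for them to appear in `result`.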

askhat_pernebek
Path Finder

He said that he already solved this problem!

0 Karma

askhat_pernebek
Path Finder

Yes, it is possible!

damiko
Communicator

Thank you for your very broad answer!

0 Karma

askhat_pernebek
Path Finder

Not at all.
