All Apps and Add-ons

Telegram Alert Action. Is it possible to add more info to the alert?

Communicator

Hello dear Splunkers. I'm a new splunk user.I've question about Telegram Alert Action (TAA).
Right now I'm training with my syslogs and have set TAA to send me alerts. I want to add more info to my alert, like Time and Date, IP. Could you help me with that?

1 Solution

Path Finder

Yes, it is possible!

View solution in original post

New Member

Hello Splunkers dear. I am a new splunk user. I have a question about Telegram Alert Action (TAA).
I am currently practicing with my splunk forwarder and have set TAA to send me a warning. how to send a warning to telegram Can you help me with that?

0 Karma

Communicator

Hello Nazar,
First you have to install Telegram alert add-on, then you'll have an option to send alert via Telegram bot. After that when you create an alert, press add action option, you will have a choice to add Telegram Alert.
Now create a bot via Bot_Father in telegram, get its Bot ID. Follow it by writing something to your Telegram bot, example : "Hey bot, whatsup?".
Continue by getting list of updates for your bot:
follow the link https://api.telegram.org/bot/getUpdates
Example:

https://api.telegram.org/bot123456789:jbd78sadvbdy63d37gda37bd8/getUpdates

There you might find your chat id for Telegram Alert.

Now add chat ID and Bot ID into Alert and then you should be done.

Path Finder

Welcome. Wish you will become very good splunk engineer!

0 Karma

New Member

Hello Splunkers dear. I am a new splunk user. I have a question about Telegram Alert Action (TAA).
I am currently practicing with my splunk forwarder and have set TAA to send me a warning. how to send a warning to telegram Can you help me with that?

0 Karma

SplunkTrust
SplunkTrust

I'm working on rewriting this so that you can include custom fields in the response to Telegram. Hopefully I will have it released mid-June.

Communicator

Thank you!

0 Karma

Path Finder

Did you release it? Currently now already jule.

0 Karma

Ultra Champion

Yes this is possible, but it would be helpful if you could share your existing search so we can help your refine it to include this data.

Communicator

Thank you for your response! However I've already solved that issue. Had to do some python editing in Telegram Alert app files. 🙂

0 Karma

New Member

Hi @damiko
Tell me where in the script telegram.py you edited so that you could add more fields to the allert ?

0 Karma

Communicator

Hey Aleksey, we did that in group, so I might be wrong, however, please check my way below.

message = config.get('message')
severity = config.get('severity')
chat = config.get('chat')
message = "Splunk: {0} \nSeverity: {1} \nМsg: {2}".format(splunkSearch, severity, message)
try adding more variables for your own.
Also add more code in html (alert_telegram/default/data/ui/telegram.html)

    <label class="control-label" for="telegram_message">Message</label>

    <div class="controls">
        <input type="text" name="action.telegram.param.message" id="telegram_message" placeholder="e.g. URGENT! Please Action! " />
        <span class="help-block">The message delivered to the bot</span>
    </div>
</div>

^ like this. Change "Message" for your own fields.

0 Karma

Path Finder

he said that he already solved this problem!

0 Karma

Path Finder

Yes, it is possible!

View solution in original post

Communicator

Thank you for your very broad answer!

0 Karma

Path Finder

Not at all.