
How to get the Health Report to alert to slack

Builder

Hi, am trying to get the Splunk Health report to alert to Splunk.

I have created health.conf in etc/system/local:

[health_reporter]
alert.disabled = 0
alert.actions = slack

[alert_action:slack]
action.slack = 1
action.slack.param.channel = #somechan
action.slack.param.message = HEALTH ALERT

Is this the right way to configure it? Have tried to get an alert triggered but am not seeing messages come to Slack (we have other saved searches that are working to Slack).

0 Karma

Re: How to get the Health Report to alert to slack

SplunkTrust

Hi @brettcave,

Are you using this app?
https://splunkbase.splunk.com/app/2878/#/details

The best way to troubleshoot your issue is to check your _internal logs for errors. You should be able to see some Slack-related warnings or errors mentioning what's going wrong.

0 Karma

Re: How to get the Health Report to alert to slack

Builder

Hi @DavidHourani - yep, using that app. Am posting looking for feedback on whether that config looks right.

0 Karma

Re: How to get the Health Report to alert to slack

SplunkTrust

Could you please post what errors you're getting in your logs?

0 Karma

Re: How to get the Health Report to alert to slack

@brettcave checking in to see if you were able to get this resolved. Looking at doing the same thing here.

Thank you!

0 Karma