Hi, am trying to get the Splunk Health report to alert to Splunk.
I have created health.conf in etc/system/local:
[health_reporter]
alert.disabled = 0
alert.actions = slack

[alert_action:slack]
action.slack = 1
action.slack.param.channel = #somechan
action.slack.param.message = HEALTH ALERT
Is this the right way to configure it? Have tried to get an alert triggered but am not seeing messages come to Slack (we have other saved searches that are working to Slack).
Are you using this app?
The best way to troubleshoot your issue is to check your _internal logs for errors. You should be able to see some Slack-related warnings or errors mentioning what's going wrong.