Splunk Enterprise

MS Teams alert for Splunk Addon triggering alerts n number of times

impurush
Contributor

Hello Everyone,

I have integrated the "MS Teams alert for Splunk" add-on in my splunk cluster. I have added it in to alert action and triggering alerts n number of times.

Example: The alert has 5 result rows and I am getting 5 messages in MS teams however I need only one alert per trigger. I checked the alert configuration and the trigger action is set to as Once. In the same alert I have configured to send to my email and I am getting only once but in MS team I am getting 5 times.

Thanks in advance!

Labels (1)
1 Solution

impurush
Contributor

Thank you everyone for the replies and I got the reply from Developer Support from the App.

"MS Teams Connector are send the message for each results. please consider convene multiple results put together one result in Splunk."

View solution in original post

0 Karma

impurush
Contributor

Thank you everyone for the replies and I got the reply from Developer Support from the App.

"MS Teams Connector are send the message for each results. please consider convene multiple results put together one result in Splunk."

View solution in original post

0 Karma

inventsekar
Super Champion

Hi, i am not sure of MS Teams addon.. by the by...
may i know if you try to find out which alert is generating the alerts and try to edit/update that alert?

 

(i have joined to 100 karma givers club, have you?!?!)

0 Karma

impurush
Contributor

Hi @inventsekar, I have included the MS teams add-on in the respective alert. I have changed the alert to trigger only once if the alert triggers but still I am getting a lot of alerts when a single alert triggers.

Tags (3)

inventsekar
Super Champion

hi @impurush the alert should have a "throttle" settings. pls check that one. The throttle setting controls how we can suppress the excess alerts. 

0 Karma

impurush
Contributor

Hi @inventsekar , I totally agree with you but the throttle setting is default.

impurush_0-1600695787214.png

 

Tags (1)
0 Karma

impurush
Contributor

Hi @niketnilay  Thanks for reaching out to this post. I have tried to reach them via email, unfortunately, I did not get any response and hence I reached here in the community.  I will try one mor time to reach them with my questions.

niketnilay
Legend

@impurush as the MS Teams alert for Splunk app is developer supported by the"Mitsui Bussan Secure Directions, Inc" (MBSD) team, please reach out to the Developer Contact provided in the App on Splunkbase i.e. splunksupport@mbsd.jp

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!