I'm trying to setup some alerts using the Microsoft Teams Card add-on.
So I installed the add-on, created a Teams channel and defined an alert which should be sent via a webhook whenever it is triggered. The problem I noticed is that the alerts are sent when the conditions are met but I can see only the title and the subtitle of the alert, not also the actual message/body which should be a custom text containing a log line.
This si how i defined the alert :
This is how i receive the alerts in Teams :
I can't figure out what i'm doing wrong. I mention i'm very new to Splunk.
Maybe the strcat function I use at the end of the query does not generate the apropriate output for the Teams add-on ?
If i run the alert query in the "Search & Reporting" app i get good results:
... View more