The source code for this app can be found on GitHub:
https://github.com/splunk/slack-alerts
To set up the app, navigate to "Settings" -> "Alert actions". Click on "Setup Slack Alerts".
On the setup screen you'll want to supply a Webhook URL. You can obtain this URL by configuring a
custom integration for your Slack workspace.
For more information see https://slack.com/apps/A0F7XDUAZ-incoming-webhooks
You can manually trigger the slack alert action if you want to verify the configuration and/or preview different parameter combinations.
For example:
| sendalert slack param.channel="#mychannel" param.message="Lorem ipsum"
Enter a similar SPL query into the search bar in the search interface of Splunk to manually send a message.
Setup page shows "I am Legend" setup_stub
An issue after upgrading the Slack Alerts app can cause an invalid redirect from the alert actions listing page to the setup page. Go to "Manage Apps" and click on "Set up" instead of using the Alert actions listing.
Alternatively, to fix it, you can remove the is_configured flag from $SPLUNK_HOME/etc/apps/slack_alerts/local/app.conf and restart Splunk.
In order to investigate problems with the Slack alert action, you can check the logs of the
alert action.
You can also increase the verbosity of logs generated by the alert action by adjusting the
NOTE: This will cause detailed logs to be produced for all alert actions and might have an
impact on system performance. It is not recommended to do this on a production system.
In case of an error when manually triggering the Slack alert action, you'll notice an error code being returned (e.g. Alert script returned error code 6.)
Here are the possible error codes returned by the slack alert action:
Error Code 2: Validation Failed
This error code indicates that the parameters handed to the alert action were invalid. Check the configuration.
Error Code 3: Channel not found
This error code is returned if the given Slack channel was not found.
Error Code 4: Forbidden
Slack indicates that sending the message to the given channel is not allowed. Contact your Slack workspace administrator to find out about possible restrictions.
Error Code 5: HTTP failure
This error code indicates a problem with executing the HTTP request to the configured webhook URL. Possible reasons include network issues and proxy server issues. See logs for details.
Error Code 6: Unexpected error
An unexpected error occurred while attempting to send the Slack message. See logs for details.
Support for Slack Apps in addition to webhook URLs (thanks to bclarkejr 🙌)
Updated validation of channel names to allow for tokens to be used (eg. $result.myfield$)
New cloud compliant setup view
Validating the webhook URL, forcing HTTPS.
Fixed sender icon.
Fixed issue where the result link wouldn't get parsed correctly by the browser since it was being double encoded
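The two validation changes listed above (HTTPS-only webhook URL, channel names that may contain tokens such as $result.myfield$), sketched as an added Python example that is not the app's own code. The channel grammar, the function names and the sample URL are assumptions made for illustration; only exit code 2 ("Validation Failed") comes from this page.

```python
import re
from urllib.parse import urlsplit

EXIT_VALIDATION_FAILED = 2  # "Error Code 2: Validation Failed" on this page

# Assumed grammar (not taken from the app): '#' or '@' prefix, followed by
# lowercase name characters and/or Splunk tokens of the form $name$.
_TOKEN = r"\$[A-Za-z0-9_.]+\$"
_CHANNEL_RE = re.compile(r"^[#@](?:[a-z0-9._-]|" + _TOKEN + r"){1,80}$")


def validate_webhook_url(url):
    """Return a list of problems; an empty list means the URL is acceptable."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return ["webhook URL contains whitespace or control characters"]
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["webhook URL cannot be parsed"]
    problems = []
    if parts.scheme != "https":
        # Over plain http the URL itself (a bearer secret) crosses the wire.
        problems.append("webhook URL must use https")
    if not parts.hostname:
        problems.append("webhook URL has no host")
    if parts.username or parts.password:
        problems.append("webhook URL must not embed credentials")
    return problems


def check_params(webhook_url, channel):
    """Return 0 when both parameters pass, else the validation exit code."""
    problems = validate_webhook_url(webhook_url)
    if not _CHANNEL_RE.match(channel):
        problems.append("channel name is not valid: %r" % channel)
    for problem in problems:
        # The webhook URL is never echoed: anyone holding it can post.
        print("validation failed:", problem)
    return EXIT_VALIDATION_FAILED if problems else 0


if __name__ == "__main__":
    # Constructed placeholder URL, not a real webhook.
    sample = "https://hooks.slack.com/services/T000/B000/XXXX"
    print(check_params(sample, "#mychannel"))
    print(check_params(sample, "#$result.myfield$"))
    print(check_params(sample.replace("https", "http", 1), "#mychannel"))
```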