icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Slack Notification Alert
SHA256 checksum (slack-notification-alert_231.tgz) e28b569ca505715f0cd24a1352e71f53b72dd37f1363f99a34212d6252e42c48 SHA256 checksum (slack-notification-alert_230.tgz) 136bfe3c5d0561a3fb60ce1a342c4f6078cb0766d886550b3e8fe64432b62e43 SHA256 checksum (slack-notification-alert_220.tgz) c9b443e65cea0bb41da7cd1d8fe0e8c77bb14639144298e578ff0c2ca7a7c175 SHA256 checksum (slack-notification-alert_213.tgz) 0b74e5002c5a401bf0f089d3c94742a7acebeb3f4432df64cf62c2871be114de SHA256 checksum (slack-notification-alert_211.tgz) 871661c542e6b3648b787e226057fe2af8e461a6d1d65b4523b5e609bc12adef SHA256 checksum (slack-notification-alert_210.tgz) f7eeeaaad4cc11b5dfc46387400c27d5c42974cd895584d1a5262629d8e9f156 SHA256 checksum (slack-notification-alert_203.tgz) 95bf87c6224f6e708e5750800e68331b44926e7239fcabfc4300042c1930340a SHA256 checksum (slack-notification-alert_201.tgz) ba15ba7a0666565235127cfdfa4f902624080f2c0f3defab51dde87056fa3d68 SHA256 checksum (slack-notification-alert_110.tgz) 133cab93886512f891cfd3dac64b893aa4b662860c22d29a117390122a27f24b SHA256 checksum (slack-notification-alert_102.tgz) befc2fdd72e794a43e3bb09cbec2486d0c8d30530cba661c1d028acbb455af43 SHA256 checksum (slack-notification-alert_101.tgz) 0c6a2570f7f8168db4431067b1b3b2904190fe6bc0c689259648f51a0a857c7f
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Slack Notification Alert

This app is NOT supported by Splunk. Please read about what that means for you here.
Overview
Details
Send a customized message to a Slack channel based on a triggered alert action in Splunk.

Leverages the custom alert action framework introduced in Splunk Enterprise v6.3. This alert extension framework enables full UI integration, management, dynamic parameter support, and more. This alert action was built as a reference example for the new custom alert action framework.

Note - This alert action integrates against the slack incoming webhook API
https://slack.com/apps/A0F7XDUAZ-incoming-webhooks

The source code for this app can be found on GitHub:

https://github.com/splunk/slack-alerts

Configuration

In order to setup the app, navigate to "Settings" -> "Alert actions". Click on "Setup Slack Alerts".

On the setup screen you'll want to supply a Webhook URL. You can obtain this URL by configuring a
custom integration for you Slack workspace.

For more information see https://slack.com/apps/A0F7XDUAZ-incoming-webhooks

Manually trigger the alert action

You can manually trigger the slack alert action if you want to verify the configuration and/or preview different parameter combinations.

For example:

| sendalert slack param.channel="#mychannel" param.message="Lorem ipsum"

Enter a simlar SPL query into the search bar in the search interface of Splunk to manually send a message.

Troubleshooting

Known issue with Setup

Setup page shows "I am Legend" setup_stub

An issue after upgrading the Slack Alerts app can cause an invalid redirect from the alert actions listing page to the setup page. Go to "Manage Apps" and click on "Set up" instead of using the Alert actions listing.

Alternatively - to fix it - you can remove the is_configured flag from $SPLUNK_HOME/etc/apps/slack_alerts/local/app.conf and restart Splunk.

Logs

In order to investigate problems with the Slack alert action, you can check the logs of the
alert action.

  • Navigate to "Settings" -> "Alert actions"
  • Click on "View log events" for the Slack alert action

You can also increase the verbosity of logs generated by the alert action by adjusting the

  • Navigate to "Settings" -> "Server settings" -> "Server logging"
  • Search for the log channel "sendmodalert"
  • Select logging level "DEBUG"

NOTE: This will increase cause detailed logs to be produced for all alert actions and might have an
impact on system performance. It is not recommended to do this on a production system.

Error Codes

In case of an error when manually triggering the Slack alert action, you'll notice an error code being returned (eg. Alert script returned error code 6.)

Here are the possible error codes returned by the slack alert action:

  • Error Code 2: Validation Failed

    This error code indications that the parameters handed to the alert action were invalid. Check the configuration.

  • Error Code 3: Channel not found

    This error code is returned if the given Slack channel was not found

  • Error Code 4: Forbidden

    Slack indicates that sending the message to the given channel is not allowed. Contact your Slack workspace administrator to find out about possible restrictions.

  • Error Code 5: HTTP failure

    This error code indicates a problem with executing the HTTP request to the configured webhook URL. Possible reasons include network issues, proxy server issues
    See logs for details.

  • Error Code 6: Unexpected error

    An unexpected error occurred while attempting to send the slack message.
    See logs for details.

Release Notes

Version 2.3.1
Dec. 20, 2024
Version 2.3.0
Dec. 10, 2022

Support for Slack Apps in addition to webhook URLs (thanks to bclarkejr 🙌)

Version 2.2.0
Dec. 11, 2020

Updated validation of channel names to allow for tokens to be used (eg. $result.myfield$)

Version 2.1.3
June 19, 2020
  • Fix for broken setup page
Version 2.1.1
June 16, 2020

New cloud compliant setup view

Version 2.1.0
June 15, 2020
  • Python 3 compatibility
  • New app icon
  • Cleanup of setup screen
Version 2.0.3
April 3, 2018
  • Updated app icon
  • Allow certain aspects of message attachment to be configured (conf file only for now)
Version 2.0.1
March 10, 2018
  • Added support for message attachments (see https://api.slack.com/docs/message-attachments)
  • Added support for showing a list of fields from the search results along with the slack message
  • Allows the user to override the webhook URL for each alert
  • Improved logging
Version 1.1.0
Nov. 16, 2017

Validating the webhook URL, forcing HTTPS.
Fixed sender icon.

Version 1.0.2
July 25, 2017

Fixed issue where the result link wouldn't get parsed correctly by the browser since it was being double encoded

Version 1.0.1
Sept. 10, 2015

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk LLC in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.