Issue in integrating Splunk alert with Slack

juhisaxena28 · ‎06-18-2019

We are trying to send data from Splunk to Slack via Trigger actions-- Add Actions method. Further we are entering the slack channel name and message. But we are not getting the alerts via slack. Please advise.

DavidHourani · ‎06-18-2019

Hi @juhisaxena28,

There are a lot of apps that allow you to send notifications and alerts to Slack. Personally I prefer this one :
https://splunkbase.splunk.com/app/2878/

Some description on how to use it can be found here:
https://answers.splunk.com/answers/351316/slack-notification-alert-how-can-i-get-the-message-1.html

you could also use this if you prefer, either works :
https://splunkbase.splunk.com/app/3525/

Cheers,
David

Vijeta · ‎06-18-2019

@juhisaxena28 are you using Slack Webhook Alert TA? Have you configured the Account with Webhook name and URL?

juhisaxena28 · ‎06-18-2019

We are using Trigger actions option and selecting Slack dropdown as an option while editing the saved search.

Vijeta · ‎06-18-2019

You might want to use Slack Webhook Alert add-on, once its configured correctly, you can select Slack webhook from Trigger actions dropdown in your saved search.

Issue in integrating Splunk alert with Slack

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases