Full documentation can be found at http://www.github.com/dajomas/slackalert/wiki
slackalert is a custom alert add-on for Splunk to generate Slack messages.
Before this alert can be used, you have to enable incoming webhooks in Slack for the community that is going to receive the alert messages. See https://api.slack.com/incoming-webhooks for details on incoming webhooks for Slack.
If the Trigger setting is set to Once, all result events are combined into a single Slack message. If the Trigger setting is set to For each result, then each result will get its own Slack message.
When using the Trigger setting Once, consider using the slackalert macro system.
When you install the add-on, you can run the setup to configure default values for new alerts.
Both setup and alert configuration consist of the following sections:
* Slack connect settings. Here you configure the URL, hook token and proxy settings.
* Mandatory settings. The add-on requires the search result to contain at least a severity field. The field name can be configured in the alert and defaults to "severity". Here you can also set either the message field or the message itself.
* Optional settings. This section is used to override the channel for the configured webhook.
* Severity color settings. Set the color bar of the Slack message according to the severity value.
* Additional fields. Any field that is returned by the search can be added to the Slack message.
* Message format settings. The last section in the setup and alert configuration contains information that can be used to construct the Slack message. (For more information on these fields, have a look at https://api.slack.com/docs/message-attachments.)
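The following is an added example, not the add-on's own code, showing how the Trigger setting (Once vs. For each result) and the configuration sections above translate into Slack webhook payloads: one attachment per result with the color bar chosen from the severity value, optional extra fields, a channel override, and a proxy-aware POST. The severity-to-color table, the sample results and the function names are assumptions made for this illustration.

```python
import json
import urllib.request

# Severity -> Slack color bar (assumed mapping for illustration). Slack accepts
# "good", "warning", "danger" or a hex colour for the attachment "color" field.
SEVERITY_COLORS = {"critical": "danger", "high": "#e01e5a", "medium": "warning", "low": "good"}

# Constructed sample search results, as a Splunk alert would hand them to the action.
SAMPLE_RESULTS = [
    {"severity": "high", "message": "disk usage above 95%", "host": "web01"},
    {"severity": "low", "message": "scheduled backup finished", "host": "db02"},
]

def missing_severity(results, severity_field="severity"):
    """Indices of results lacking the mandatory severity field (field name is configurable)."""
    return [i for i, r in enumerate(results) if not r.get(severity_field)]

def build_attachment(result, severity_field="severity", message_field="message", extra_fields=()):
    """One Slack attachment per result: color bar from severity, fallback text = message text."""
    text = str(result.get(message_field, ""))
    colour = SEVERITY_COLORS.get(str(result[severity_field]).lower(), "#cccccc")
    fields = [{"title": f, "value": str(result[f]), "short": True} for f in extra_fields if f in result]
    return {"fallback": text, "color": colour, "text": text, "fields": fields}

def build_payloads(results, trigger="once", channel=None, **attachment_opts):
    """'once' -> a single webhook payload holding all results; otherwise one payload per result."""
    groups = [results] if trigger.lower() == "once" else [[r] for r in results]
    payloads = []
    for group in groups:
        payload = {"attachments": [build_attachment(r, **attachment_opts) for r in group]}
        if channel:  # optional override of the webhook's default channel
            payload["channel"] = channel
        payloads.append(payload)
    return payloads

def post_to_webhook(url, payload, proxy=None, timeout=10):
    """POST a payload to the incoming webhook URL; proxy is an optional 'http://host:port' string."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"https": proxy} if proxy else {}))
    req = urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with opener.open(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    assert not missing_severity(SAMPLE_RESULTS), "severity is mandatory"
    for p in build_payloads(SAMPLE_RESULTS, "once", channel="#alerts", extra_fields=("host",)):
        print(json.dumps(p, indent=2))
```

Run `missing_severity` before building payloads, since `build_attachment` raises a `KeyError` on a result without the severity field.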
* Replace input tags with splunk tags
* Add functionality to allow for sending all or some search result fields to the Slack message
* Default fallback value to message contents
* Switch severity_list input from text box to text area
* Fix severity field parameter in setup.xml
* Fix bug if severity list is empty
* Fix location of appIcon files
* Bugfix: fix error in import statement