The Slack App Alert Integration TA integrates with Slack Apps, the new way of
communicating with Slack, which replaces the deprecated Incoming Webhooks integration.
The Incoming Webhooks integration allows sending messages to multiple channels, which
is highly flexible. A Slack App has to join a channel before it can post messages in it,
but with the correct configuration in combination with this TA, a Slack App can join a
channel if needed and post messages to it with a customized bot name and emoji icon.
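The join-if-needed flow described above, as an added example that is not the TA's own code: it uses Slack's Web API methods chat.postMessage and conversations.join. The function names, the injectable transport, the constructed fake Slack, and the use of https://slack.com/api as Base URL are assumptions of this example.

```python
import json
import urllib.request

BASE_URL = "https://slack.com/api"  # Slack Web API; assumed to match the TA's default


def http_transport(method, token, payload):
    """POST one Web API call; the bot token travels only in the Authorization header."""
    req = urllib.request.Request(
        f"{BASE_URL}/{method}", data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json; charset=utf-8"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def post_alert(token, channel_id, text, username=None, icon_emoji=None,
               auto_join=True, transport=http_transport):
    """Post a message, joining the public channel first if the bot is not a member."""
    message = {"channel": channel_id, "text": text}
    if username:
        message["username"] = username      # needs the chat:write.customize scope
    if icon_emoji:
        message["icon_emoji"] = icon_emoji  # needs the chat:write.customize scope
    result = transport("chat.postMessage", token, message)
    if auto_join and result.get("error") == "not_in_channel":
        joined = transport("conversations.join", token, {"channel": channel_id})
        if not joined.get("ok"):            # e.g. missing channels:join scope
            raise RuntimeError(f"conversations.join failed: {joined.get('error')}")
        result = transport("chat.postMessage", token, message)
    if not result.get("ok"):
        # Surface only Slack's error code; the token never goes into logs or exceptions.
        raise RuntimeError(f"chat.postMessage failed: {result.get('error')}")
    return result


def make_fake_slack():
    """Constructed offline stand-in for Slack: the bot starts outside the channel."""
    state = {"member": False, "calls": []}
    def transport(method, token, payload):
        state["calls"].append(method)
        if method == "conversations.join":
            state["member"] = True
            return {"ok": True}
        if not state["member"]:
            return {"ok": False, "error": "not_in_channel"}
        return {"ok": True, "message": payload}
    return state, transport
```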
An installed Slack App in your Slack Workspace:
Install this TA on your Splunk Search Heads. If you're running a Search Head Cluster, you might
need to add the following line to your server.conf under the [shclustering] stanza on your
Search Heads and restart Splunk:
conf_replication_include.ta_slack_app_alert_integration_settings = true
If you don't do this, it's possible that the secret for the token does not get replicated across your Search Head cluster, and the alert will only work on one Search Head.
After installation of the TA, navigate to the Slack App Alert Integration app in Splunk, and under Add-on Settings, paste the Bot User OAuth token in the Token field. The Base URL can be left as default, provided that your Search Heads have access to it. There is no proxy configuration yet in this version of the TA. Click Save.
When the TA is configured, you can create an alert using the new Slack App Alert Integration alert action, by configuring its fields:
Updated Add-on Builder version.
Updated for Python3 and Splunk Cloud compatibility.
Changed Message text input to textarea.