Splunk has announced cool new app SlackIT. You can easy download it.
Wait, do you know what is slack? It is the best in class team communication service. Do you have a team? Then you definitely should use slack.
Ok, let's connect splunk and slack.
First, we should download new app in splunk. It is easy. Moreover we haven't do any addition actions in splunk interface, except some actions with slack.conf file. But before we start, lets go to slack and add new integration:
Let's choose channel, which will get result from splunk search
In addition, we can choose any person, who will get result. Then click on "Add Incoming WebHook Integration" and copy Webhook URL, which will send json result from splunk to slack.
We have done with slack. Let's start to configure slack.conf file, which we can find in slackit app:
[config]
url = https://hooks.slack.com/services/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y
username = gold_unicorn
channel = our-team
icon = https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-150x150.png
allow_user_set_slack_url = 0
send_message_even_no_results=0
Save file. That's all. Now we can easy send result from splunk to the salck channel. Let's try to do it.
As you see on screen, I've just added slackit command. And what is the result? All my team in channel saw this result:)
PS As a bonus you send any message via terminal using the same Webhock URL:
Wait, do you know what is slack? It is the best in class team communication service. Do you have a team? Then you definitely should use slack.
Ok, let's connect splunk and slack.
First, we should download new app in splunk. It is easy. Moreover we haven't do any addition actions in splunk interface, except some actions with slack.conf file. But before we start, lets go to slack and add new integration:
Let's choose channel, which will get result from splunk search
In addition, we can choose any person, who will get result. Then click on "Add Incoming WebHook Integration" and copy Webhook URL, which will send json result from splunk to slack.
We have done with slack. Let's start to configure slack.conf file, which we can find in slackit app:
- url: Webhook URL , for example: https://hooks.slack.com/services/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
- username: the username that appears in slack
- channel: the channel that will receive the search results, channel can be specified by slackit search arg or person
- icon: the icon that appears in slack.
- allow_user_set_slack_url: enable this option if you're allowing the users send results to different # slack teams
- send_message_even_no_results: disable option to send message without result
[config]
url = https://hooks.slack.com/services/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y
username = gold_unicorn
channel = our-team
icon = https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-150x150.png
allow_user_set_slack_url = 0
send_message_even_no_results=0
Save file. That's all. Now we can easy send result from splunk to the salck channel. Let's try to do it.
As you see on screen, I've just added slackit command. And what is the result? All my team in channel saw this result:)
PS As a bonus you send any message via terminal using the same Webhock URL:
curl -X POST --data-urlencode 'payload={"channel "#our-team", "username": "webhookbot", "text": "What's up!", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/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y
