You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Slack offers keyword alerts for getting notifications when a specific keyword or phrase is mentioned. This means regardless of the channel's notification settings, if the keyword is mentioned, you'll get a notification (on both desktop and mobile) and a red badge next to the channel name (as if you had been @'ed). However, when using either incoming webhooks or Slack apps, keyword alerts do not work with the Splunk Slack Alerts app.
To Reproduce
Steps to reproduce the behavior:
In Slack, go to the server's notification preferences. Under "My keywords", enter "Test Alert". Then go to a channel and set the channel's notification preferences to "Mentions".
In Splunk, create an alert that will always trigger and add the Slack action to it. Set the channel to be the channel that you set notifications to "Mentions". Set the message to "Test Alert".
Wait for the Splunk/Slack alert to trigger.
Result: The message is sent, but you don't get a notification or badge.
Expected behavior
You should get a notification and badge.
Splunk Environment:
Splunk Version: 9.0.4
OS: MacOS
Cloud: no
Client Environment: (if it's a UI issue)
Browser Type: Chrome
OS: MacOS
Additional context
It doesn't work because the icon_url and username fields are specified in the request JSON. Example:
In order for keyword alerts to work, icon_url and username can't be present in the request JSON. They can instead be configured on the Slack app itself (from https://api.slack.com/apps).
This could be fixed by checking whether the fields are configured in the Slack Alerts setup in Splunk, and if not, don't add them to the request JSON.
The text was updated successfully, but these errors were encountered:
Describe the bug
Slack offers keyword alerts for getting notifications when a specific keyword or phrase is mentioned. This means regardless of the channel's notification settings, if the keyword is mentioned, you'll get a notification (on both desktop and mobile) and a red badge next to the channel name (as if you had been @'ed). However, when using either incoming webhooks or Slack apps, keyword alerts do not work with the Splunk Slack Alerts app.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
You should get a notification and badge.
Splunk Environment:
Client Environment: (if it's a UI issue)
Additional context
It doesn't work because the
icon_urlandusernamefields are specified in the request JSON. Example:{ "channel": "XXXXX", "icon_url": "https://s3-us-west-2.amazonaws.com/slack-files2/bot_icons/2023-03-11/4935550179346_48.png", "username": "Splunk", "text": "Test Alert" }Even when you clear out those fields in the Slack Alerts setup page, the request JSON sets an empty string for those fields:
{ "channel": "XXXXX", "icon_url": "", "username": "", "text": "Test Alert" }In order for keyword alerts to work,
icon_urlandusernamecan't be present in the request JSON. They can instead be configured on the Slack app itself (from https://api.slack.com/apps).This could be fixed by checking whether the fields are configured in the Slack Alerts setup in Splunk, and if not, don't add them to the request JSON.
The text was updated successfully, but these errors were encountered: