Formatting help #21
-
|
I would love to enhance the formatting on my Splunk alerts, for example, how to achieve this image (thats on the repo main page) I would love to be able to include that quoted bottom section, but cant figure out how to do this with markdown formatting in Splunk? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Whatever you enter in the "Message" field in the alert follows Slack's text formatting rules. The quoted section in the screenshot is a triple-fenced codeblock (using 3 backticks). The example from the screenshot would look something like this: You can use Slack's message builder to take a look at the preview. The "message" input basically supplies the Here's what it would look like to enter the formatted message in the alert UI: You can learn more about formatting slack messages here: https://api.slack.com/reference/surfaces/formatting |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! I will play around a bit - more trying to figure out how you did the layout such that "host" and "clientip" are on the same line under different "columns" |
Beta Was this translation helpful? Give feedback.
-
Those are just fields that I specified, special formatting needed.
Those fields need to be in the search results. |
Beta Was this translation helpful? Give feedback.
-
|
Ahhhh, got it! Thanks so much - very helpful. |
Beta Was this translation helpful? Give feedback.
Whatever you enter in the "Message" field in the alert follows Slack's text formatting rules. The quoted section in the screenshot is a triple-fenced codeblock (using 3 backticks).
The example from the screenshot would look something like this:
You can use Slack's message builder to take a look at the preview. The "message" input basically supplies the
textproperty in the JSON payload. Note that Splunk would replace$result._raw$with the field value before sending the message to the Slack API.Here's what it would look like to enter the formatted message in the alert UI:
You can le…