Slack notifications

Good day,

I am trying to set up Watcher Slack notifications, but I have some questions that your documentation is not clear on.

According to this article I am supposed to use the keystore tool to add the account name and URL to the keystore, but how do I go about using the keystore tool? The example shows:
bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url

  • Where and how do I run this command if our stack is in the cloud?
  • What is the syntax of this command when adding a setting? Is it
    bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url=https://hooks.slack.com/services/TOKEN ?

After this is all done, how do I proceed from here to get the notifications to Slack? Your documentation states:

Thank you.

cc @Larry_Gregory would you happen to know about this?

Hi @werner.fletcher,

Your Elasticsearch keystore settings can be managed in your Cloud Console under the Security submenu of your deployment:

The docs for this are located at https://www.elastic.co/guide/en/cloud/current/ec-configuring-keystore.html

Hi Larry,

Thank you, I got it working. I do however have another question for you. The Slack alert does not want to display the message when I use:

{{ctx.payload.hits.hits.0._source.agent.message}}

It works for the email and I can see the message, but it's not displaying anything in Slack. Is there perhaps another way to extract the message so that I can display it in Slack?

Thank you.

Please disregard the above post; I managed to figure out why it was not working. It had to be:

{{ctx.payload.hits.hits.0._source.message}}

You may close the ticket, thanks for your help.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
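
Added example, not part of the thread and not Elastic's code: an offline check that walks every `{{ctx...}}` path in an action's message template against a captured watch payload and names the first segment that does not exist, the kind of path mismatch corrected in the last post. The sample payload, `resolve` and `check_template` are constructed for illustration, and it assumes a tag whose field is missing renders as empty text.

```python
import re

# Constructed sample of a watch execution context (not taken from the thread).
# In practice, paste the payload returned when the watch is executed manually.
SAMPLE_CTX = {"payload": {"hits": {"total": 1, "hits": [{
    "_index": "logs-sample",
    "_source": {"message": "disk usage above 90%", "agent": {"hostname": "web-01"}},
}]}}}

# Matches Mustache tags that reference the watch context, e.g. {{ctx.payload.hits.total}}
TAG = re.compile(r"\{\{\s*(ctx(?:\.[\w@-]+)+)\s*\}\}")


def resolve(ctx, path):
    """Walk a dotted path such as ctx.payload.hits.hits.0._source.message.

    Returns (value, None) when the path exists, or (None, prefix) where prefix
    is the path up to and including the first segment that is missing.
    """
    node = ctx
    walked = ["ctx"]
    for seg in path.split(".")[1:]:  # skip the leading "ctx"
        walked.append(seg)
        if isinstance(node, list) and seg.isdigit() and int(seg) < len(node):
            node = node[int(seg)]  # numeric segment indexes into an array
        elif isinstance(node, dict) and seg in node:
            node = node[seg]
        else:
            return None, ".".join(walked)
    return node, None


def check_template(template, ctx):
    """Return {tag_path: first_missing_prefix} for tags that cannot be resolved."""
    problems = {}
    for path in TAG.findall(template):
        _, missing = resolve(ctx, path)
        if missing:
            problems[path] = missing
    return problems


if __name__ == "__main__":
    for text in ("Alert: {{ctx.payload.hits.hits.0._source.agent.message}}",
                 "Alert: {{ctx.payload.hits.hits.0._source.message}}"):
        print(text, "->", check_template(text, SAMPLE_CTX) or "all paths resolve")
```
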