Hi, am trying to get the Splunk Health report to alert to Splunk.
I have created health.conf in etc/system/local:
[health_reporter]
alert.disabled = 0
alert.actions = slack
[alert_action:slack]
action.slack = 1
action.slack.param.channel = #somechan
action.slack.param.message = HEALTH ALERT
Is this the right way to configure it? Have tried to get an alert triggered but am not seeing messages come to Slack (we have other saved searches that are working to Slack).