Ever since the release of our Teams Integration blog, we have received requests from customers asking whether we can provide the same functionality for Slack. The use cases are in fact very similar: it is always about an efficient and pragmatic approach to logging issues and tickets that came up during the night by leveraging existing infrastructure and without adding more clutter.
Design considerations
Our focus was on providing a solution that would be lightweight, easy to set up and wouldn’t require redesigning existing workflows. We did that by utilizing Enterprise Alert’s ability to automatically execute remote actions on triggered alert policies. This feature was initially implemented to allow On-Call people to utilize preconfigured remote actions for faster problem resolution, such as restarting servers/services or kicking off automated information gathering. In this case, we use the very same feature to trigger a PowerShell script that forwards key information from the event source to a Slack Chat Room, allowing your team to start collaborating.
Add the Incoming Webhook add-on to Slack
- Log in to https://app.slack.com/client/
- Click on the cogwheel at the top and select Add an App from the menu.
- Search for Webhook and select Incoming Webhook from the available Apps.
- Add the App.
- Provide the channel you want to post in and add the Incoming Webhook.
- Copy the webhook URL and save it somewhere easily accessible to you.
REST Webhook Call via PowerShell Script
The PowerShell script will provide the core functionality in this setup by making the REST request. In this example, we will only work with 2 parameters, but this can be easily scaled. In order to set this up, the below steps are necessary.
- Create a location for your script to be stored in. A local folder (e.g. C:\Scripts) is recommended as remote locations can cause unnecessary problems.
- In this folder create a new ps1 file and give it a descriptive but short name.
- Open the file and paste in the below example script and fill in the <REST_Endpoint> placeholder with your REST Endpoint URL from the previous section:
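# The two values forwarded from Enterprise Alert
param(
    $Param1,
    $Param2
)

# Build the JSON payload for the Slack Incoming Webhook
$body = ConvertTo-Json @{
    channel  = "#ea_alerts"
    text     = "Solarwinds reported a '$Param1' issue. Details: '$Param2'"
    username = "Enterprise Alert"
}

# Webhook URL copied in the previous section
$uriSlack = "<REST_Endpoint>"

# Post the message to Slack
Invoke-RestMethod -Method POST -ContentType "application/json" -body "$body" -Uri "$uriSlack"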
- Save the script file and note down the file name and path.
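A hardened variant of the script above, added here as an example and not part of the original post or the vendor's code. It keeps the webhook URL out of the script file and neutralizes Slack markup in the forwarded event data. The environment variable name SLACK_WEBHOOK_URL, the helper ConvertTo-SlackSafeText and the length limits are assumptions made for this example.

```powershell
# Added example: hardened variant of the forwarding script (not the vendor's code).
# Assumption: the webhook URL is stored in a machine-level environment variable
# named SLACK_WEBHOOK_URL (hypothetical name) instead of inside the .ps1 file.
param(
    # Length limits are assumed values; adjust them to your event source.
    [Parameter(Mandatory = $true)][ValidateLength(1, 200)][string]$Param1,
    [Parameter(Mandatory = $true)][ValidateLength(1, 2000)][string]$Param2
)

function ConvertTo-SlackSafeText {
    param([string]$Text)
    # Replace control characters so event data cannot inject line breaks.
    $clean = $Text -replace '[\x00-\x1F\x7F]', ' '
    # Escape Slack's three control characters; '&' must be handled first.
    # This keeps '<!channel>' or '<url|label>' in event data from being rendered.
    return $clean.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')
}

$uriSlack = $env:SLACK_WEBHOOK_URL
if ([string]::IsNullOrWhiteSpace($uriSlack) -or
    -not $uriSlack.StartsWith('https://hooks.slack.com/', [StringComparison]::Ordinal)) {
    Write-Error 'SLACK_WEBHOOK_URL is missing or is not a Slack webhook URL.'
    exit 1
}

$issue   = ConvertTo-SlackSafeText $Param1
$details = ConvertTo-SlackSafeText $Param2

$body = ConvertTo-Json -Compress @{
    channel  = '#ea_alerts'
    text     = "Solarwinds reported a '$issue' issue. Details: '$details'"
    username = 'Enterprise Alert'
}

# Windows PowerShell 5.1 may not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

try {
    # Send the body as UTF-8 bytes so non-ASCII event text arrives intact.
    Invoke-RestMethod -Method Post -Uri $uriSlack -TimeoutSec 15 `
        -ContentType 'application/json; charset=utf-8' `
        -Body ([System.Text.Encoding]::UTF8.GetBytes($body)) | Out-Null
}
catch {
    # Report the failure reason only; do not echo the webhook URL.
    Write-Error ("Slack post failed: " + $_.Exception.Message)
    exit 1
}
```

Anyone who holds the webhook URL can post to the channel, so the variable should be readable only by the account the scheduled task runs as.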
Remote action to automatically forward alerts
To set up the remote action, you first have to set up a task in the Windows Task Scheduler and configure it to run a PowerShell script with the two parameters we forward from Enterprise Alert.
- In the Task Scheduler, make sure the Enterprise Alert Directory is present.
- Create a new task and give it a name. Make sure you set the flags as shown below.
- Within the task, create a new action and configure it as displayed below. You can find the settings used below the screenshot.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
-ExecutionPolicy Bypass -File "C:\Scripts\Slack.ps1" -param1 "$(Arg0)" -param2 "$(Arg1)"
- Log on to the EA Portal and navigate to the remote action section.
- Create a new remote action and make sure it is set to execute in the task scheduler. Since it is a remote action that will be run automatically, you don’t have to configure anything else.
- In the action tab, select the task we previously created, and it will populate the configured parameters.
Add the Remote Action to the Alert Policy
The last step is to connect the remote action with your already existing alerting scenario.
- Go to the action tab of your Policy and add the Remote Action. Take care that the action is flagged as auto-run.
- Click on Edit mappings to link up the parameters you want to forward to Slack. In our case, it is the external ID and the status description directly taken from the source event.
Now, whenever the policy triggers you will get a new post on Slack you can use as a starting point for discussions.
Summary
Using the webhook of a chat channel in Slack, we can easily forward alerts that are triggered through an alert policy in Enterprise Alert. This approach utilizes the filtering and targeting capabilities of alert policies in Enterprise Alert. It notifies an entire team channel in Slack upon new alerts. By creating multiple scripts targeting different channels in Slack, you could easily route alerts based on responsibilities or other criteria. The opportunities are endless.
If you have any further questions on this topic, please feel free to contact us at support@derdack.com.