Splunk issue with Telegram Alert Action: Can not configure the action - Telegram API - PhpOut

TonyNgo
November 9, 2021
164 views
0 votes
2 Answers

I installed Telegram Alert Action app (https://splunkbase.splunk.com/app/3703/) for my SearchHead server (Splunk Enterprise 8.0.6) successfully. But when i add Telegram Alert action for the alerts, i can not see any its configurations as attached image:
https://i.stack.imgur.com/5wWWR.png

Could any one tell me what is this issue?
Thanks very much!

Tags: splunk telegram-bot

Answers

Chosen as BEST ANSWER
- TonyNgo
- November 12, 2021 at 4:26 pm
- 0 votes
0
I just have solved the issue this way:
1. Add the Telegram alert action for the alerts in Web UI, and Save the changes.
2. Open SSH session to SearchHead server, find and open the file that contains configurations of the alerts that were added Telegram alert action, and add more 5 lines below the line action.telegram = 1 and save the changes:
```
action.telegram.param.bot_id = Bot-ID
action.telegram.param.chat_id = Chat-ID
action.telegram.param.severity = Low/Medium/High/Critical
action.telegram.param.event_title = Alert title
action.telegram.param.message = Alert message
```
1. Finally, reload/restart Splunk in the SH server, and enjoy the results!
Anyway, thanks for your help!

(Edit)

- warren
- November 9, 2021 at 2:18 pm
- 0 votes
0
What configuration of the add-on have you done?

According to https://splunkbase.splunk.com/app/3703/#/details, you need to have Chat & Bot IDs (ref: https://core.telegram.org/bots/api)

Do you have them?

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.