Slack Sink
- Juan Tomás Alonso Nieto (Deactivated)
Description
This unit is a Sink unit type.
The Slack Sink unit sends a Slack message to a configurable channel.
An event comes in through the in port. The custom message is sent to the configured Slack channel.
If an error occurs, the input event is enriched with standard error fields and is sent to the error output port.
Configuration
After dragging this unit into the Flow canvas, double-click it to access its configuration options. The following table describes the configuration options of this unit:
Tab | Field | Description |
|---|---|---|
General | Name | Enter a name for the unit. It must start with a letter, and cannot contain spaces. Only letters, numbers, and underscores are allowed. |
Description | Enter a description detailing the scope of the unit. | |
Message | The message to send. You can include references to input event fields using the following format:
| |
Slack WebHook | Enter the Slack Webhook that references the required Slack workspace and channel where the messages will be sent. Learn more about Slack Webhooks and how to use them here. |
Input ports
Port | Description |
|---|---|
in | All events enter through this port. |
Output ports
Port | Description |
|---|---|
error | Signals when an error occurs. Outputs input events enriched with standard error fields. |
Example
Imagine you have a Devo domain with users from two different countries and need to notify via Slack each time users from one country or the other one are working in the domain.
You can use the Batch Detector unit to get notified each time the value in the country column of the siem.logtrust.web.activity table changes. To do it, add a Devo Source unit to indicate the source table that will send the events. Then, connect it to the Batch Detector unit through its in input port. Finally, link the start output port of the unit to a Slack Sink unit to get notified each time a new batch of events starts.
In the Slack Sink unit properties, you must specify the message to be sent via Slack and the required Slack Webhook.
Download this example
You can try this flow by downloading the following JSON file and uploading it to your domain using the Import option:
