--- title: Alert notification on Slack and Email description: You can configure Splunk to send alert notification to a Slack channel or through and email. component: pingintelligence version: 5.1 page_id: pingintelligence:pingintelligence_dashboard:pingintelligence_alert_notifications_slack canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/pingintelligence_dashboard/pingintelligence_alert_notifications_slack.html revdate: April 3, 2024 --- # Alert notification on Slack and Email You can configure Splunk to send alert notification to a Slack channel or through and email. **Slack** **Prerequisites**: * The Slack app should already be installed in your Splunk setup. * Connect Slack and Splunk using webhooks. For more information on Slack webhooks, see [Incoming Webhooks](https://api.slack.com/incoming-webhooks) Complete the following steps to create an alert for Slack: 1. Navigate to **Settings** ̶> **Searches, reports and alerts** | | | | - | ----------------------------------------------------------- | | | Alert should be created for App: Search & Reporting(search) | 2. Create new alerts. Enter the values as described in the table below: | **Value** | **Description** | | ------------------ | ------------------------------------------------------------------------------------- | | Description | PingIntelligence for APIs Alert | | Search | `Search: index="pi_events"``sourcetype="pi_events_source_type"``access_type="attack"` | | Alert Type | Scheduled → **Run on Cron Schedule** | | Cron Expression | \*/10 \* \* \* \* | | Time Range | 600 | | Expires | 24-hours | | Trigger alert when | The alert should be triggered for results when greater than 0 | | Trigger | For each result. This would trigger a new alert for each event. | | Throttle | Do not throttle the events | 3. Configure alert. | **Value** | **Description** | | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Add Actions | Choose the slack app to add actions | | Channel | Use the channel which has been configured with webhook URL which starts with either # or @In this example, we are using channel name as:#PingIntelligence\_alerts | | Message | This is the message that will be posted along with the alert in Slack. We recommend using the below message:``` ------------------------------------------------------- $result.attack_type$ has been detected on API: $result.api_name$ ----------------------------------------------------------------- More details : $result._raw$ ``` | | Attachments | NA | | Fields | NA | | Webhook URL | NA | 4. Post a message in Splunk to verify that it is notified in Slack