--- title: Configuring alert notifications on Slack and email description: You can configure Splunk to send alert notifications to a Slack channel or through email. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_alert_notifications_slack canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_alert_notifications_slack.html revdate: April 3, 2024 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps --- # Configuring alert notifications on Slack and email You can configure Splunk to send alert notifications to a Slack channel or through email. ## Before you begin Make sure to install the Slack app in your Splunk setup. Also be sure to connect Slack and Splunk using webhooks. For more information on Slack webhooks, see [Incoming Webhooks](https://api.slack.com/incoming-webhooks). ## About this task Complete the following steps to create an alert for Slack: ## Steps 1. Navigate to **Settings** ̶> **Searches, reports and alerts**. | | | | - | ------------------------------------------------------------- | | | Alerts should be created for App: Search & Reporting(search). | 2. Create new alerts. Enter the values as described in the table below: ![A screenshot of the Alert Settings page in Splunk.](../_images/yci1564009110588.png) | Value | Description | | ---------------------- | ------------------------------------------------------------------------------------- | | **Description** | `PingIntelligence for APIs Alert` | | **Search** | `Search: index="pi_events"``sourcetype="pi_events_source_type"``access_type="attack"` | | **Alert Type** | **Scheduled → Run on Cron Schedule** | | **Time Range** | **Last 600 seconds** | | **Cron Expression** | `*/10 * * * *` | | **Expires** | `24` `Hours` | | **Trigger alert when** | The alert should be triggered for results when greater than 0. | | **Trigger** | **For each result**. This would trigger a new alert for each event. | | **Throttle** | Do not throttle the events. | 3. Configure alert action as follows. ![A screenshot of Alert Actions page in Splunk.](../_images/djm1564009111756.png) | Value | Description | | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Add Actions** | Choose the Slack app to add actions. | | **Channel** | Use the channel that has been configured with a **Webhook URL** starting with either # or @.In this example, we are using **Channel** name as:`# PingIntelligence_alerts` | | **Message** | This is the message that will be posted along with the alert in Slack. We recommend using the following message:``` ------------------------------------------------------- $result.attack_type$ has been detected on API: $result.api_name$ ----------------------------------------------------------------- More details : $result._raw$ ``` | | **Attachments** | N/A | | **Fields** | N/A | | **Webhook URL** | N/A | 4. Post a message in Splunk to verify that it is notified in Slack.