Skip to main content

Send notifications to Slack

You can configure APEX AIOps Incident Management to send alert or incident notifications to Slack using the Slack API.

Before you begin

Before you set up your Slack outbound integration:

  • Make sure you are signed in with your Slack account on api.slack.com/apps.

  • Make sure you are signed in to your workplace in Slack.

Set up a Slack notification channel

  1. Go to api.slack.com/apps.

  2. Click Create New App > From scratch.

  3. Provide a name for the app and select a workspace. Then click Create App.

  4. Enable incoming webhooks:

    1. Navigate to Features > Incoming Webhooks.

    2. Click the slider to enable the feature.

  5. Configure OAuth and permissions:

    1. Navigate to Features > OAuth & Permissions.

    2. Under Scopes > Bot Token Scopes, add a new OAuth Scope named chat:write. This will enable the bot to write messages to the Slack channel.

    3. Under OAuth Tokens for Your Workplace, click Request to Install.

    4. Fill out a request message and submit the request.

  6. Once your administrators approve the installation request, open Slack.

  7. Within Slack, create a new channel.

  8. Navigate back to api.slack.com/apps.

  9. Navigate to Features > OAuth & Permissions > OAuth Tokens for Your Workplace and click Install to Workplace. A page will appear requesting permission to access your workplace.

  10. Select the new Slack channel you created and click Allow.

  11. Open Slack. Within Slack, right click your new channel and select View channel details from the dropdown menu.

  12. Navigate to Integrations > Apps and click Add an App.

  13. Type the name of the app into the search bar and add it to the channel.

Configure the CREATE webhook endpoint in Incident Management

Once you have finished configuring the notification channel in Slack, you must create new incident webhook endpoints in Incident Management in order to send data to Slack. This section explains how to set up the Slack CREATE webhook endpoint, which creates new incidents in Slack when incidents are processed in Incident Management.

To configure the CREATE webhook endpoint:

  1. Log in to Incident Management and navigate to Integrations > Outbound Integrations > Webhook Endpoint > Incident Webhook Endpoint.

  2. Click Add Incident Webhook Endpoint and enter "Slack CREATE" as the name of the webhook endpoint. Optionally, provide a description.

  3. Complete each section of the webhook endpoint according to the following:

    1. Skip the Triggers section.

    2. Configure the Endpoint:

      1. Set the request method as POST.

      2. Copy and paste the following URL:

        https://slack.com/api/chat.postMessage

      3. Under Authorization, select "Bearer Token" from the dropdown menu.

      4. Click Add New Credentials and provide a name.

      5. Go to api.slack.com/apps and open the page for the app you created earlier for this integration.

      6. Navigate to Features > OAuth & Permissions.

      7. Under OAuth Tokens for Your Workspace, copy the Bot User OAuth Token.

      8. Go back to Incident Management and paste the token you just copied into the Token field.

      9. Click Save.

    3. Specify the Payload Body:

      1. Open Slack. Within Slack, right click your notification channel and select View channel details from the dropdown menu.

      2. Scroll down to the bottom of the pop-up window and copy the Channel ID. Save it somewhere for later use.

      3. Go back to Incident Management.

      4. Paste the following JSON into the Key/Value Editor box. Make sure to replace <your-channel-ID> with your Slack Channel ID:

        {
    "channel": "<your-channel-ID>",
    "text": "ISSUE: $id || SEVERITY: $severity || TOTAL ALERTS: $total_alerts || DESCRIPTION $description || INCIDENT URL: $incident_url || CREATED AT: $created_at"
}

      5. Under Manage JSON variable type declarations, click Add Type Declaration.

      6. Click Variable and select $created_at from the dropdown menu.

      7. Click Type and select Date and Time - Human-Readable Format (ISO 8601). This will make sure that the creation time is printed in human-readable format, instead of the default epoch format.

  4. Save the webhook endpoint.

Configure the UPDATE webhook endpoint in Incident Management

Next, create the Slack UPDATE webhook endpoint, which sends update notifications to Slack when Incident Management incidents are changed.

To configure the UPDATE webhook endpoint:

  1. Navigate to Integrations > Outbound Integrations > Webhook Endpoint > Incident Webhook Endpoint.

  2. At the far right side of the "Slack CREATE" webhook endpoint you just configured, click on the copy icon:

    SlackIntegrationCopyWebhook.png

  3. Enter "Slack UPDATE" for the name of the duplicate webhook endpoint and click Duplicate.

  4. Click on the "Slack UPDATE" webhook endpoint to open it.

  5. Click Edit.

  6. Under the Triggers section, select the conditions that you would like to trigger the webhook endpoint.

    Leave the rest of the webhook endpoint unchanged.

  7. Save the webhook endpoint.

Configure the CREATE workflow in Incident Management

Configure an incident workflow called Slack CREATE Workflow, which triggers the "Slack CREATE" webhook endpoint when an incident is created in Incident Management.

To configure the CREATE workflow:

  1. Log in to Incident Management and navigate to Correlate & Automate > Workflow Engine > Incident Workflows.

  2. Click Add Workflow and enter "Slack CREATE Workflow" as the name of the workflow. Optionally, provide a description.

  3. For the Trigger, select New incidents only.

    If desired, add a filter condition on the incidents that you wish to forward to Slack.

  4. Click Add Action, select the Send to Endpoint action and then click Add Selected Action.

  5. Select the new Send to Endpoint action complete each section according to the following:

    1. Webhook: Select the "Slack CREATE" incident webhook endpoint that you created earlier.

    2. External Link: Skip this section.

    3. Integration Name: Enter the following (without quotes): "Slack Integration"

      Skip all remaining sections.

  6. Save and Enable the workflow.

Configure the UPDATE webhook endpoint in Incident Management

Finally, configure another incident workflow called Slack UPDATE Workflow, which triggers the "Slack UPDATE" webhook endpoint to send data when an incident is updated in Incident Management.

To configure the UPDATE workflow:

  1. Navigate to Correlate & Automate > Workflow Engine > Incident Workflows.

  2. Click Add Workflow and enter "Slack UPDATE Workflow" as the name of the workflow. Optionally, provide a description.

  3. For the Trigger, select Changed incidents only.

  4. Click Add Action, select the Send to Endpoint action and then click Add Selected Action.

  5. Select the new Send to Endpoint action and complete each section as follows:

    1. webhook endpoint: Select the "Slack UPDATE" incident webhook endpoint that you created earlier.

    2. External Link: Skip this section.

    3. Integration Name: Enter the following: "Slack Integration"

      Skip all remaining sections.

  6. Save and Enable the workflow.

Test the integration

  1. Navigate to Integrations > Ingestion Services > Events API.

  2. Add your API key to the provided cURL command and run the command in an external terminal to send an event to Incident Management.

  3. Verify that an incident has been created in Incident Management.

  4. Within Slack, verify that an incident notification has arrived. You should also see the test notification(s) you sent earlier.

  5. If you have enabled updates and included Status changed as a trigger, close the incident in Incident Management and verify in Slack that an update notification has arrived.

In this section: