Created
February 10, 2017 01:35
Transform a Splunk webhook and send to Slack
var util = require("util"); | |
var https = require("https"); | |
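// Slack message templates, filled in with util.format().
// The title renders as a Slack link: <url|label>.
const title_template = "Alert - <%s|%s>";
// The body wraps the raw Splunk event in a Slack code block.
const body_template = "\`\`\`%s\`\`\`";

// Options for the outbound HTTPS request to the Slack incoming webhook.
//
// The webhook path is a credential: anyone who has it can post to the
// channel. Prefer supplying it through the function's environment rather
// than committing it to source. SLACK_WEBHOOK_PATH is a name chosen for this
// listing (not a Slack or AWS convention); when it is unset, the original
// '<slack_url>' placeholder is used and must be replaced by hand.
const request_options = {
  hostname: 'hooks.slack.com',
  path: process.env.SLACK_WEBHOOK_PATH || '<slack_url>',
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
};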
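/**
 * Escape the three characters Slack message formatting treats as control
 * characters (&, <, >), so text copied from a log event is displayed
 * literally instead of being parsed as a link or a mention.
 *
 * @param {*} value - Value taken from the Splunk payload.
 * @returns {*} The escaped string, or `value` unchanged when it is not a string.
 */
function escapeSlackText(value) {
  if (typeof value !== 'string') {
    return value;
  }
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

/**
 * Lambda handler: turn a Splunk webhook alert into a Slack attachment and
 * POST it to the webhook described by `request_options`.
 *
 * Reads `event.result` (`_raw`, `job` or `app`, `host`), `event.results_link`
 * and `event.search_name`.
 *
 * NOTE(review): nothing in this handler authenticates the caller; presumably
 * that is enforced by whatever invokes the function. Confirm before exposing
 * the endpoint.
 *
 * @param {object} event - Splunk webhook payload.
 * @param {object} context - Lambda context (unused).
 * @param {function} callback - Called with (null, 'Success') when Slack
 *   answers with a 2xx status, otherwise with an error string.
 */
exports.handler = (event, context, callback) => {
  // This writes the whole alert, including the raw log event, to the function
  // log; access to and retention of that log should match the sensitivity of
  // the indexed data.
  console.log('Received event:', JSON.stringify(event, null, 2));

  // Slack attachment text only supports up to 8000 bytes (per the original
  // author); stay well under that. The limit is applied to string length,
  // which counts UTF-16 units rather than bytes.
  const MAX_RAW_LENGTH = 7000;

  const alert = event || {};
  const splunk_fields = alert.result || {};

  // A payload without `_raw` is sent with an empty body instead of throwing.
  const raw_text = splunk_fields._raw == null ? '' : String(splunk_fields._raw);

  // Escape first, then truncate to the same limit the check uses. The original
  // tested for 7000 but cut at 7600, so events between those lengths only grew
  // by the "..." suffix. A partly cut entity at the end is dropped.
  const escaped_raw = escapeSlackText(raw_text);
  const raw = escaped_raw.length > MAX_RAW_LENGTH
    ? util.format("%s...", escaped_raw.slice(0, MAX_RAW_LENGTH).replace(/&[a-z]{0,3}$/, ''))
    : escaped_raw;

  // NOTE(review): results_link is passed through unchanged; it is assumed to
  // be generated by Splunk itself. Confirm.
  const search_title = util.format(
    title_template,
    alert.results_link,
    escapeSlackText(alert.search_name)
  );
  const body = util.format(body_template, raw);

  const payload = JSON.stringify({
    "channel": "#splunk",
    "username": "Splunk",
    "icon_emoji": ":splunk:",
    "attachments": [
      {
        "title": search_title,
        "text": body,
        "color": "danger",
        "mrkdwn_in": ["text"],
        "fields": [
          {
            "title": splunk_fields.job ? "job" : "app",
            "value": escapeSlackText(splunk_fields.job ? splunk_fields.job : splunk_fields.app),
            "short": true
          },
          {
            "title": "host",
            "value": escapeSlackText(splunk_fields.host),
            "short": true
          }
        ]
      }
    ]
  });

  // Report to Lambda exactly once, whichever of response or error comes first.
  let settled = false;
  const finish = (err, result) => {
    if (settled) {
      return;
    }
    settled = true;
    callback(err, result);
  };

  // The request is opened only after the payload is built, so a malformed
  // event cannot leave a half-written request behind.
  const req = https.request(request_options, (res) => {
    // Drain the response so the socket is released.
    res.resume();
    if (res.statusCode >= 200 && res.statusCode < 300) {
      finish(null, 'Success');
    } else {
      // A rejected post (bad webhook path, invalid payload, rate limit) was
      // previously reported as success.
      console.log('Error, with: Slack responded with HTTP ' + res.statusCode);
      finish('Error, with: Slack responded with HTTP ' + res.statusCode);
    }
  });

  req.on('error', (err) => {
    console.log('Error, with: ' + err.message);
    finish('Error, with: ' + err.message);
  });

  req.write(payload);
  req.end();
};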