Cyber Chasse- Telegram Alert Action In Splunk

Telegram Alert Action in Splunk

Telegram is a convenient, low-friction choice for a Splunk alert action. A Splunkbase add-on provides the integration: the Telegram Alert Action lets Splunk deliver alert notifications to Telegram chats and groups through a Telegram bot that you create and control. Because the bot token is the only credential involved, treat it like any other API secret.

ADD-ON Installation 

To download and install the Telegram Alert Action, click the below link  

https://splunkbase.splunk.com/app/3703

The alert action is configured in two phases:

1. Telegram (create the bot, then obtain its Bot ID/HTTP API token and the target Chat ID)

2. Splunk (attach the Telegram alert action to a saved search)

Telegram App Configuration 

How to obtain Chat ID and Bot ID 

1. Sign in to a Telegram account. No separate developer registration is needed; the bot is created from the regular app.

2. Open Telegram on your device, search for "BotFather" (the official bot-management bot) and follow the steps below.

  • In the BotFather chat, send /start.
  • To create a new bot, send /newbot.
  • Enter a display name for your bot.
  • Then enter a unique username for the bot (it must end in "bot").

In the above image, BotFather's reply contains the HTTP API token (this post refers to it as the Bot ID). That token is a credential: anyone who holds it can read the bot's updates and send messages as the bot to every chat it belongs to, so keep it out of screenshots, tickets and shared documents. If it is ever exposed, regenerate it with the /revoke command in BotFather and update Splunk with the new value.

Note: this token is entered into the Splunk alert action in the second phase below.

3. To obtain the Chat ID, create a Telegram group, add the newly created bot to it, and send a test message to the group.

4. Fetch the update list for your bot, replacing <token> with the HTTP API token from BotFather:

https://api.telegram.org/bot<token>/getUpdates

With the token substituted, the URL looks like the example below (this is the post's own example token; it is public now and must be regenerated, never reused) and returns the test message:

https://api.telegram.org/bot911849921:AAF7JHzW2w3JVM2emcXUf1X092ZhXZvtIWY/getUpdates

5. Opening that URL in a browser returns a JSON document in which the test message appears under message.chat, together with the chat's id.

Note down that id: it is the Chat ID. For groups and supergroups the value is negative (for example -100 followed by further digits); the minus sign is part of the ID and must be copied into Splunk as-is. If the test message does not appear, send a command such as /start in the group instead: by default a bot added to a group only receives commands, replies to its own messages and messages that mention it.
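The following script is an added example, not code from the Cyber Chasse post or from the Splunkbase add-on. It automates the manual steps above: it builds the getUpdates URL from a token, extracts every Chat ID (with the negative sign that groups carry) from a getUpdates response, builds a sendMessage URL for testing a bot/chat pair from a browser or curl, and masks the token before a URL is pasted anywhere. The token and the JSON response are constructed samples in the shape the public Bot API returns; the add-on's own HTTP calls are not shown.

```python
"""Helpers for the Telegram side of the Splunk alert-action setup.

Added example, not part of the original post or the Splunkbase add-on.
Assumes only the public Telegram Bot API response shape: getUpdates
returns {"ok": true, "result": [update, ...]} where a message update
carries message.chat.id. The token and the JSON below are constructed.
"""
import json
import re
from urllib.parse import quote

API_BASE = "https://api.telegram.org"

# Constructed sample token in BotFather's format (<numeric bot id>:<secret>).
SAMPLE_TOKEN = "123456789:AAExampleSecretPartNotARealToken_0000"

# Constructed getUpdates reply: one private chat and one supergroup.
SAMPLE_UPDATES = json.dumps({
    "ok": True,
    "result": [
        {"update_id": 1001,
         "message": {"message_id": 1, "date": 1700000000,
                     "chat": {"id": 987654321, "type": "private", "first_name": "Ana"},
                     "text": "/start"}},
        {"update_id": 1002,
         "message": {"message_id": 2, "date": 1700000100,
                     "chat": {"id": -1001234567890, "type": "supergroup", "title": "SOC Alerts"},
                     "text": "test message"}},
        {"update_id": 1003,
         "message": {"message_id": 3, "date": 1700000200,
                     "chat": {"id": -1001234567890, "type": "supergroup", "title": "SOC Alerts"},
                     "text": "second test"}},
    ],
})


def updates_url(token: str) -> str:
    """Build the getUpdates URL; the token sits in the path directly after 'bot'."""
    return f"{API_BASE}/bot{token}/getUpdates"


def extract_chats(raw_json: str) -> dict:
    """Return {chat_id: {"type": ..., "name": ...}} for each chat seen in a getUpdates reply.

    Group and supergroup IDs are negative; that sign is part of the Chat ID
    and must be copied into the Splunk alert action unchanged.
    """
    data = json.loads(raw_json)
    if not data.get("ok"):
        raise ValueError(f"Telegram API error: {data.get('description', 'unknown')}")
    chats = {}
    for update in data.get("result", []):
        msg = update.get("message") or update.get("channel_post")
        if not msg:
            continue  # edited messages, callbacks etc. are not needed here
        chat = msg["chat"]
        chats[chat["id"]] = {
            "type": chat["type"],
            "name": chat.get("title") or chat.get("first_name", ""),
        }
    return chats


def send_message_request(token: str, chat_id: int, text: str) -> str:
    """Build a sendMessage GET URL for a manual bot/chat test from a browser or curl."""
    return f"{API_BASE}/bot{token}/sendMessage?chat_id={chat_id}&text={quote(text)}"


# A token is <digits>:<secret>; mask the whole thing wherever it appears in a URL.
TOKEN_RE = re.compile(r"bot\d+:[A-Za-z0-9_-]{20,}")


def redact_token(url: str) -> str:
    """Mask the bot token before a URL goes into a ticket, screenshot or log line."""
    return TOKEN_RE.sub("bot<REDACTED>", url)


if __name__ == "__main__":
    for chat_id, info in extract_chats(SAMPLE_UPDATES).items():
        print(chat_id, info)
    test_url = send_message_request(SAMPLE_TOKEN, -1001234567890, "Splunk alert: high severity")
    print(redact_token(test_url))
```

Run it once against the real getUpdates output (fetch the URL with the token and pass the body to extract_chats) to confirm the group ID before entering it in Splunk; an empty result list usually means the bot has not yet seen a message it is allowed to receive in that group.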

Splunk Telegram Alert Configuration  

Add-on Usage and Configuration 

1. Run the search query in Splunk that produces the condition you want to alert on.

2. Check that the search returns the expected results.

3. Choose Save As and save the query as an alert.

4. Give the alert a title and description, and set the standard alert fields (permissions, trigger conditions and schedule) to suit your requirements.

5. Under Trigger Actions, choose + Add Actions, then choose Telegram Alert.

6. Enter the Message and choose the Severity that Telegram should report when the alert fires.

7. Enter the Chat ID and Bot ID obtained in the first phase, then save.

After the configuration is complete on both the Telegram and Splunk sides, the alert action output appears in Telegram as shown here.

If you still have any questions on this topic, do not hesitate to post them in the comment box below, and follow us on our social networks for further updates. Happy Splunking!