Version: 7.x-36.0.0

This is a technical preview. Technical preview features are not fully supported, may not be functionally complete, and are not suitable for deployment in production. We encourage you to try them out and provide your feedback, good and bad, on the Search Guard forum. This will help us improve and add any features you might be missing.

Slack Action

Use Slack actions to send notifications via Slack. You can use Mustache templates to define dynamic content for the Slack message.


In order to use Slack actions, you need to configure a Slack webhook using the accounts registry of Signals. See the accounts registry documentation for more on that.

Basic Functionality

A basic Slack action looks like this:

    {
        /* ... */
        "actions": [
            {
                "type": "slack",
                "name": "my_slack_action",
                "throttle_period": "1h",
                "account": "internal_slack",
                "text": ":warning:\n**Bad destination weather** for  flights over last "
            }
        ]
    }

The basic configuration attributes are:

name: A name identifying this action. Required.

throttle_period: The throttle period. Optional. Specify the time duration using an amount, followed by its unit. Supported units are m (minutes), h (hours), d (days), w (weeks). For example, 1h means one hour.

checks: Further checks which can gather or transform data and decide whether to execute the actual action. Optional.

account: Identifies the Slack application which shall be used for sending the message. See the accounts registry documentation.

text: Defines the content of the message. Mustache templates can be used to render attributes from the watch runtime data. Optional. See the Slack documentation for details on how to format the message.

Slack blocks and attachments are not yet supported; support is coming soon.
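
A check that can be run over Slack action objects before a watch is deployed, added here as an example (it is not Search Guard code). It assumes a throttle period is a single amount followed by one unit, as described above; the function names, the sample actions and the check for an inline webhook URL (which belongs in the accounts registry, not in the watch) are illustrative assumptions.

```python
import re

# Units as listed on this page: minutes, hours, days, weeks.
UNIT_SECONDS = {"m": 60, "h": 3600, "d": 86400, "w": 604800}
PERIOD_RE = re.compile(r"(\d+)([mhdw])")
# Slack incoming-webhook URLs are secrets; they belong in the accounts registry.
WEBHOOK_RE = re.compile(r"https://hooks\.slack\.com/\S+")
UNSUPPORTED = ("blocks", "attachments")


def throttle_seconds(period):
    """Convert '1h'-style periods to seconds; None if the format is not recognised."""
    m = PERIOD_RE.fullmatch(period) if isinstance(period, str) else None
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None


def lint_slack_action(action):
    """Return a list of findings for one Slack action object (empty list = clean)."""
    if action.get("type") != "slack":
        return ["not a slack action"]
    findings = []
    if not action.get("name"):
        findings.append("name is required")
    if "throttle_period" in action and throttle_seconds(action["throttle_period"]) is None:
        findings.append("throttle_period must be an amount followed by m, h, d or w")
    if "text" in action and not isinstance(action["text"], str):
        findings.append("text must be a string")
    for key in UNSUPPORTED:
        if key in action:
            findings.append(f"{key} is not supported in this version")
    for key, value in action.items():
        if isinstance(value, str) and WEBHOOK_RE.search(value):
            findings.append(f"{key} contains a Slack webhook URL; reference an account instead")
    return findings


# Constructed sample actions (not from the page); the URL is a placeholder.
GOOD = {"type": "slack", "name": "my_slack_action", "throttle_period": "1h",
        "account": "internal_slack", "text": ":warning: threshold exceeded"}
BAD = {"type": "slack", "throttle_period": "90s", "attachments": [],
       "text": "posted via https://hooks.slack.com/services/T000/B000/EXAMPLE"}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample.get("name", "<unnamed>"), lint_slack_action(sample))
```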
