Telegram is a very handy and easy to manage option as a Splunk alert action. To avail this feature, we have an add-on in Splunkbase to configure telegram alert action with Splunk. The telegram alert action allows Splunk to send alerts to Telegram groups and chats through the use of a Telegram Bot.

ADD-ON Installation:

To download and install the Telegram Alert Action, got to below link 

https://splunkbase.splunk.com/app/3703

This Alert action configuration will be in two phases:

  1. Telegram App (Get Chat ID and BOT ID setup)
  2. Splunk (Splunkbase App)

Telegram Alert App Configuration:

How to get Chat ID and Bot ID:

1. Create a telegram developer account.

2. In your device open telegram and search for “BotFather” and follow the below steps.

   

  • In the chat box of Botfather, send   /start.
  • To create a new bot, send command as /newbot .
  • Provide a name for your BOT.
  • After that provide a unique username for your bot.

Over herein above image, you see we got BOT ID/HTTP API. 

Note: down this BOT ID  to configure it in Splunk alert action.

3.Now to get Chat ID, create a group in telegram and add newly created Bot into that group and send test message into the group.

4.Get the list of updates for your BOT:

https://api.telegram.org/bot/getUpdates

In my case below links as I edited with HTTP API generated by this link you can see your test message

https://api.telegram.org/bot911849921:AAF7JHzW2w3JVM2emcXUf1X092ZhXZvtIWY/getUpdates

5.If you open the above link in the browser you will able to see your test message with your id.

Note down your id that’s is nothing but the Chat ID

2.Splunk Telegram Alert Configuration:

Add-on Usage and Configuration:

1. Run your search query in Splunk to create a required alert condition

2.Test your search query result.

3.Click save as and save your query as an alert.

4.Enter a title for your alert, along with a description, and also configure the standard alert fields related to permissions, scheduling, and trigger conditions according to your needs.

5.Under Trigger Actions, click + Add Actions, then select Telegram Alert.

 

6.Enter the Message and select the Severity that you want Telegram to send when the alert is triggered.

7.Enter the Chat ID and the Bot ID to configure an alert, click save.

With all configurations done in Telegram and Splunk here is the Alert action output in Telegram.

If you are still having any questions regarding this topic Feel free to Ask Doubts in the Comment Box Below and Don’t Forget to Follow us on 👍 Social Networks, happy Splunking >😉