How to send alerts to Slack with handlers

What are Sensu handlers?

Sensu event handlers are actions executed by the Sensu server on events.

Why use a handler?

Handlers can be used for sending an email alert, creating or resolving an incident (in PagerDuty, for example), or storing metrics in a time-series database (InfluxDB, for example).

Using a handler to send alerts to Slack

The purpose of this guide is to help you send alerts to Slack, on the channel monitoring, by configuring a handler named slack to a check named check-cpu. If you don’t already have a check in place, this guide is a great place to start.

Installing the handler command

The first step is to create an executable script named slack-handler, which is responsible for sending the event data to Slack. You can download a release of this handler from GitHub, then extract it by running:

sudo tar -C /usr/local/bin -xzf REPLACE-WITH-DOWNLOAD-FILENAME

Alternatively, you can compile or cross compile the handler from the source code using the Go tools. The generated binary will be placed into one of the Sensu backend $PATH directories, more precisely /usr/local/bin.

# From the local path of the slack-handler repository
go build -o /usr/local/bin/slack-handler main.go

Getting a Slack webhook

If you’re already an admin of a Slack, visit https://YOUR WORKSPACE NAME HERE.slack.com/services/new/incoming-webhook and follow the steps to add the Incoming WebHooks integration, choose a channel, and save the settings. (If you’re not yet a Slack admin, start here to create a new workspace.) After saving, you’ll see your webhook URL under Integration Settings.

Creating the handler

Now that our handler command is installed, the second step is to create a handler that we will call slack, which is a pipe handler that pipes event data into our previous script named slack-handler. We will also pass the Slack webhook URL and the Slack channel name to this script. Finally, in order to avoid silenced events from being sent to Slack, we will use the not_silenced built-in filter, in addition to the is_incident built-in filter so zero status events are also discarded.

sensuctl handler create slack \
--type pipe \
--command 'slack-handler \
  --webhook-url https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX \
  --channel monitoring' \
--filters is_incident,not_silenced

Assigning the handler to a check

With the slack handler now created, it can be assigned to a check. Here, since we want to receive Slack alerts whenever the CPU usage of our systems reach some specific thresholds, we will apply our handler to the check check-cpu.

sensuctl check set-handlers check-cpu slack

Validating the handler

It might take a few moments, once the handler is assigned to the check, for the check to be scheduled on the entities and the result sent back to Sensu backend, but once an event is handled, you should see the following message in Slack.

Otherwise, you can verify the proper behavior of this handler by using sensu-backend logs. The default location of these logs varies based on the platform used, but the installation and configuration documentation provides this information.

Whenever an event is being handled, a log entry is added with the message "handler":"slack","level":"debug","msg":"sending event to handler", followed by a second one with the message "msg":"pipelined executed event pipe handler","output":"","status":0.

Next steps

You now know how to apply a handler to a check and take action on events. From this point, here are some recommended resources: