Menu

Subscribe

Sending Alerts to Slack

Seq can monitor the event stream and trigger alerts when configured conditions occur. For example, a system produce an alert when an item runs out of stock.

Alerts are useful because they can generate notifications. If I receive a notification that a product is out of stock I can take action, such as ordering more stock. There are many ways to receive alert notifications. One popular notification option is to configure Seq to write a message to a Slack channel when an alert is triggered.

Getting Started

The Seq sample data includes an event type representing when a product runs out of stock in a fictional coffee retailer.

Seq user interface showing a list of log events; a single warning event is expanded "Product (id) is out of stock".
Out of stock event

Before creating an alert it is necessary to have a way to send a notification when the alert triggers.

Configure Slack to receive notifications

For Slack to receive notifications from Seq we firstly create a new Slack app, with the 'Incoming Webhooks' feature. Then add a new Webhook, and give the new Slack app permission to post to one of your Slack channels. I configured a Webhook to write to a '#stock-alerts' Slack channel. When your Webhook is configured take a copy of the 'Webhook URL' for later.

Slack Webhook configuration screen showing "Webhook URLs for Your Workspace", a URL, and a copy button.
Configure Slack to receive notifications

Setting up Slack integration in Seq

To integrate Seq and Slack you need to install the 'Slack Notifier' Seq app (developed and maintained by David Pfeffer and the Seq community). Go to Settings > Apps > Install from NuGet and install the 'Seq.App.Slack' app. Add an instance of the app (mine is called 'Alert notifications'), setting the 'Webhook URL' to the value you copied from the Slack app. Now Seq has a way to write to a Slack channel.

Creating the Alert

Seq alerts are triggered by a query that produces a result. This query will produce a result for each minute in which there is at least one 'out of stock' event.

Seq UI showing query "select count(*) as num from stream where @EventType = 0x724F0870 group by time(1m) having num > 0, and a line chart of the results.
Counting out of stock events, grouped by minute

The chart at the bottom of the window shows that 'out of stock' events occur regularly. The inventory controller needs to know!

To make this query into an alert I click the bell button. I've named the new alert 'Out of stock' and selected the Slack Notifier Seq app instance as the 'Output app instance'. When the alert triggers it will send the notification to the '#stock-alerts' channel.

Seq Alerts edit screen scrolled to Notifications section showing warning notification level selected, and Slack "Alert notifications" output selected.
Creating an alert that sends events to Slack

Within a few minutes an 'out of stock' event has triggered and an 'out of stock' alert and a message has been sent to the '#stock-alerts' Seq channel.

Slack UI showing channel with message from "Seq Notifications" app "Alert condition triggered by admin/Out of Stock", and link "Explore detected results in Seq".
Seq alert has arrived in Slack

When a notification appears in Slack I can follow the links back to the alert that generated the notification or to the query the alert is based on. For these links to work you will need to have set the api.canonicalUri Seq server setting.

There is a lot more that can be done with alerts and the Slack Notifier Seq app. Refer to the Seq documentation for more detail.

There are also notification apps for email and Microsoft Teams.

Liam McLennan

Read more posts by this author.