Diving Deeper into the Rabbit Hole with Alice — Logz.io’s Slack Bot

The adoption of ChatOps — i.e. connecting an organization’s software delivery cycle and day to day operations to chat channels — has grown over the past few years. Facilitating cross-team communication and collaboration, Slack has become the most popular tool for implementing ChatOps-driven work practices.

At Logz.io, ChatOps and Slack are an integral part of our organizational procedures and culture, and we are happy to announce that our users can now join the ChatOps revolution with a new Logz.io Slack Bot called Alice.

Similar to Alice’s Adventures in Wonderland, this bot allows Logz.io users to dive deeper into the rabbit hole: perform Elasticsearch queries, see the alerts triggered in their environment, and get a snapshot of a Kibana visualization or dashboard. Alice is based on Logz.io’s public API and we intend to add support for more and more API methods in the near future.

Note: If you do not have API access, you’ll need to request it to work with Alice.

Getting Started with Alice

Getting started with Alice is easy. You’ll find her listed in Slack’s app directory (sign into the directory with your workspace credentials):


All you have to do now is hit the green Install button. You’ll be asked to authorize the installation, after which Alice will be installed and added to your workspace. You will then be prompted, in Slack, to set it up.


Click Yes, and you will be presented with a Logz.io Configuration dialog.


There are two details you will need to configure the bot — the AWS region in which your account is deployed (either US or EU), and an API token.

If you’re not sure what AWS region your Logz.io account is deployed in, just check the login URL you use for accessing Logz.io: app.logz.io means your account is deployed in the US, app-eu.logz.io means you are in the EU.

To retrieve an API token, click the cogwheel icon in the top-right corner of the Logz.io UI, go to Tools –> API Tokens, and create a new API token.


Once you save the configuration, the app will be installed and added to your Slack workspace (the settings can be changed at any point in time using the setup command).

You will now be able to issue commands to Alice for interacting with your data and your Logz.io account. You can add Alice to a specific channel (just tag @Alice) or issue commands from the app itself in Slack.

If you ever need to change the name of the bot in your Slack org, for example if you already have an Alice user and want to prevent confusion, just go to the app’s management page and click the edit pencil in the Bot User section.



Use the help command to see a list of all the available commands and their syntax:


Querying Elasticsearch with Alice

Using the search command, you can use the bot to search for specific log messages. Queries must be written in Lucene syntax. Note that the search command requires enclosing the query in backticks (the ‘`’ character).

For example, let’s search for Apache error response codes:


By default, the results displayed show matching logs from the last 15 minutes. Specify a timeframe if you want to be more specific.

For example:

@Alice search `type:apache_access AND response:[400 TO *]` from now to 
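The following is an added example, not code from Alice or from Logz.io: a sketch of how a backtick-enclosed Lucene query from a chat message can be validated and turned into an Elasticsearch query DSL body with the 15-minute default window. The function names, the `@timestamp` field and the result size are assumptions made for illustration.

```javascript
// Added example, not Alice's source code. Function names are hypothetical.

// The default 15-minute window, expressed in Elasticsearch date math.
const DEFAULT_WINDOW = { from: 'now-15m', to: 'now' };

// Pull the Lucene query out of a message such as:
//   @Alice search `type:apache_access`
// Slack delivers mentions as <@USERID>, so both forms are accepted.
// Returns null when the text is not a well-formed search command.
function extractLuceneQuery(text) {
  const m = /^\s*(?:<@[A-Z0-9]+>|@\w+)?\s*search\s+`([^`]+)`/.exec(text);
  if (!m) return null;
  const query = m[1].trim();
  return query.length > 0 ? query : null;
}

// Build the search body: the Lucene string goes into query_string and the
// time window becomes a range filter on @timestamp (assumed field name).
function buildSearchBody(text, window = DEFAULT_WINDOW, size = 10) {
  const query = extractLuceneQuery(text);
  if (query === null) {
    throw new Error('search query must be enclosed in backticks');
  }
  return {
    size,
    sort: [{ '@timestamp': { order: 'desc' } }],
    query: {
      bool: {
        must: [{ query_string: { query } }],
        filter: [{ range: { '@timestamp': { gte: window.from, lte: window.to } } }],
      },
    },
  };
}

// Constructed sample input, based on the Apache example in this article.
const sample = '@Alice search `type:apache_access AND response:[400 TO *]`';
console.log(JSON.stringify(buildSearchBody(sample), null, 2));
```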

Viewing a Kibana snapshot

Last year we released Kibana Snapshots, a feature that allows users to easily share snapshots of a Kibana visualization or dashboard to an endpoint of their choice. Using our API, users can programmatically create and send Kibana snapshots.

Alice also supports the creation of snapshots so you can view a specific visualization or dashboard at any time.

First, use the get command to see a list of your Kibana objects. You can choose to list searches, visualizations or dashboards.

get dashboards

Choose the dashboard you want to see a snapshot of from the list, and use the snapshot command as follows:


Note the usage of a ‘-’ between words in the dashboard name and the usage of the timeframe parameter.

Viewing alerts

You can use the bot to see the most recent alerts triggered in your environment. The get triggered alerts command returns the last five alerts triggered in the system, with their name, severity and when they were triggered.


It’s open source!

Being mission-critical to DevOps and Operations teams means our users need an easy and seamless way to interact with the data they are collecting from their environment. Organizations using Logz.io and Slack now have a tool that enables them to do just that.

As mentioned above, we will be improving Alice by adding support for additional API methods. In the meantime, we welcome your feedback. Alice is based on BotKit and is open source, so feel free to customize it to your needs, change its behavior and send us pull requests.

