We want to set up alerts using the REST API.
https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#saved.2Fsearches describes how we can do it with a POST request to /saved/searches.
But this only talks about email as an action. Can we have a call to a webhook as the action when the alert is set up through the REST API?
Hi @bhavneet91,
Yes, you can use the REST API below to enable webhook alert actions on a scheduled search.
curl -k -u admin:pass https://localhost:8089/servicesNS/<USER>/<APP>/saved/searches/MySavedSearch -d actions=webhook -d action.webhook.param.url="https://your.server.com/api/v1/webhook"
No, ultimately I have to write a Python script to create an object and set all its properties before I call the POST method.
Hi Santosh,
Is it possible for you to share the Python script you created? I have something similar to be done for one of my clients.
Hi @bhavneet91,
Did you get a chance to try @bhavneet91 's solution? If so, would you mind approving the answer below? Or, if it didn't work, go ahead and post some more details about your issue.
Thanks for posting!
Will the type be created as "Report" or "Alert"? There are two types: one is "Report" and the other is "Alert". I have created a saved search, created its schedule, etc., but the type is still "Report". How do I do it for the "Alert" type?
Hey @harsmarvania57 ,
I tried to use this (against our Splunk Cloud instance) and I get an error saying:
curl -k -u<removedforsecurity>:<removedforsecurity> https://<removedforsecurity>.splunkcloud.com:8089/servicesNS/cmpapi/search/saved/searches/seantest-CreateAccessKey -d actions=webhook -d action.webhook.param.url="https://your.server.com/api/v1/webhook"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Argument "action.webhook.param.url" is not supported by this handler.</msg>
</messages>
</response>
No matter what I try, I get the unsupported error. This is on a Splunk Cloud instance. Is this accurate or is there another way of creating an alert with a webhook action?
Many thanks!
@sddunne Is this a report or an alert?
Hey @harsmarvania57, it's an alert.
I'm trying to programmatically create alerts with a webhook action. When we onboard a new service, we set up a dedicated index and would like to be able to deploy our standard set of alerts as part of the onboarding process (we currently set up all the alerts manually in the console).
Many thanks,
Sean.
Is it possible for you to show how you are creating the alert? Also, it would be good to create a new question and refer to this link in that question.
Hi @harsmarvania57 ,
I found the problem: it was generating them as reports, and so they were not showing up in the console in the 'alerts' section.
Do you know what I need to set on the report to make it show up as an alert?
Sean.
Did you find out how we can save it as an alert? A new report is getting created.
Hi there, I tried to use this and I get an error saying:
curl -k -u<removedforsecurity>:<removedforsecurity> https://<removedforsecurity>.splunkcloud.com:8089/servicesNS/cmpapi/search/saved/searches/seantest-CreateAccessKey -d actions=webhook -d action.webhook.param.url="https://your.server.com/api/v1/webhook"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Argument "action.webhook.param.url" is not supported by this handler.</msg>
</messages>
</response>
No matter what I try, I get the unsupported error. This is on a Splunk Cloud instance. Is this accurate or is there another way of creating an alert with a webhook action?
Many thanks!
Surprised that it is not available in the documentation.
How can I pass any other parameters to my POST method using this approach?
Hello @santosh_sshanbhag , I would just like to ask if you were able to have a solution for your inquiry?
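For readers looking for the Python form of the curl call discussed in this thread, the following is an added example, not code from any poster or from Splunk. It builds the POST to /saved/searches with a trigger condition alongside the webhook action and checks the webhook destination against an allow list first. Assumptions, not confirmed by the thread: that setting the trigger-condition fields is what makes the object list as an Alert instead of a Report, that token authentication is enabled, and the `ALLOWED_WEBHOOK_HOSTS` set and function names, which are hypothetical.

```python
import urllib.parse
import urllib.request

# Assumption: hosts your organisation accepts as alert webhook receivers.
ALLOWED_WEBHOOK_HOSTS = {"your.server.com"}


def build_alert_params(name, search, cron, webhook_url):
    """Form fields for a scheduled saved search with a webhook action."""
    parts = urllib.parse.urlsplit(webhook_url)
    # A webhook sends search results off the Splunk server, so pin where it may go.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_WEBHOOK_HOSTS:
        raise ValueError(f"webhook URL not allowed: {webhook_url!r}")
    return {
        "name": name,
        "search": search,
        "is_scheduled": "1",
        "cron_schedule": cron,
        # Trigger condition (assumed to be what distinguishes an alert from a report).
        "alert_type": "number of events",
        "alert_comparator": "greater than",
        "alert_threshold": "0",
        "actions": "webhook",
        "action.webhook.param.url": webhook_url,
    }


def build_request(base_url, user, app, params, token):
    """Prepare (but do not send) the POST that creates the saved search."""
    url = "{}/servicesNS/{}/{}/saved/searches".format(
        base_url.rstrip("/"), urllib.parse.quote(user), urllib.parse.quote(app))
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(params).encode(), method="POST")
    # Assumption: a Splunk authentication token is used instead of
    # putting a user name and password on the command line.
    req.add_header("Authorization", f"Bearer {token}")
    return req


# To send: urllib.request.urlopen(req). Unlike `curl -k`, this verifies the
# server certificate, so the management port needs a certificate the client trusts.
```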