The search I made into an alert seems to function, but claims "There are no fired events for this alert.", yet every 15 minutes after the hour, I receive the webHook to http://requestb.in/ >.
I am in the process of making an API to receive the JSON and parse it server side. Is this what webHooks are designed for? Are there other tools I should be using to monitor errors made from a specific search? I want to compare them to previous days data with the outlook of filtering new results to a specific list, then assigning the errors based on code classes to a list of developers that would likely work on such aspects of the project.
I am lost at why my trigger is being triggered, but the trigger claims no events. Also, if what I am doing is the purpose of webHooks, is there other tooling built-in to accomplish this?
This has been documented in the link, https://docs.splunk.com/Documentation/Splunk/6.5.1/Alert/Triggeredalertaction
Add an alert to the Triggered Alerts list
1. Use one of the following options depending on whether you are creating a new alert or editing an existing alert.
* Create a new alert From the Search page in the Search and Reporting app, select Save As > Alert. Enter alert details and configure triggering and throttling as needed.
* Edit an existing alert From the Alerts page in the Search and Reporting app, select Edit>Edit actions for an existing alert.
2. From the Add Actions menu, select Add to triggered alerts.
3. Select an alert Severity level.
Severity levels are informational only. They are used to group alerts in the Triggered Alerts list. The default level is Medium.
4. Click Save.
You might want to start by reviewing the following documentation resources on webhooks and setting up alerts. It sounds like a webhook is the best alert action for your use case. But, you may need to adjust the triggering condition or the search itself in order to get the alerting behavior you want.
Hope this helps!