Alerting
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure POST request using webhook as an Alert Action?

AKG1_old1
Builder
‎03-14-2019 05:35 AM

Hello,

I am looking to configure POST request using webhook as an Alert action.

Issue is I am not sure how to configure all these details. I am only getting URL options.

alt text

Request Details:

-   URL: http://mule/issuesapi/v2/jiratst/projects/TI/issues
-   Method: POST
-   Credentials as Basic Authentication:
-   Username/Password: ***/***
-   Body

Request1:
{
  "summary": "Test to create TI issue from mule",
  "description": "Mule Testing Jira Api one level of Module",
  "type": "Incident",
  "priority": "3-Medium",
  "reporter": "ag",
  "moduleMapLevels":{"parent":"Common to All Modules"},
  "moduleMapAssets": [{"name":"Rates | IRD"},{"name":"CRD | CRD"}]
}
Labels (1)
Labels
webhooks.png
Preview file
26 KB
0 Karma
Reply

harsmarvania57
Ultra Champion
‎03-14-2019 06:39 AM

Hi @agoyal,

You can't send custom payload using Webhook alert action, it will by default send below payload (Check $SPLUNK_HOME/vetc/apps/alert_webhook/bin/webhook.py ) which contain Job SID, Search Name, App name, owner, Job Result link and Result.

settings = json.loads(sys.stdin.read())
url = settings['configuration'].get('url')
body = OrderedDict(
    sid=settings.get('sid'),
    search_name=settings.get('search_name'),
    app=settings.get('app'),
    owner=settings.get('owner'),
    results_link=settings.get('results_link'),
    result=settings.get('result')
)
Reply

sivashanmugam
Engager
‎05-06-2021 12:08 AM

Hello harsmarvania57 

 Is it not possible to add more require field under $SPLUNK_HOME/vetc/apps/alert_webhook/bin/webhook.py ??

0 Karma
Reply

harsmarvania57
Ultra Champion
‎05-07-2021 05:30 AM

I'll suggest you to create new app based on your requirement. As far as I know alert_webhook is default app in Splunk so whenever you'll upgrade Splunk, script will revert back.

0 Karma
Reply

AKG1_old1
Builder
‎03-14-2019 07:04 AM

Thanks @harsmarvania57 : Any idea if there is a way to send custom payload ?

0 Karma
Reply

juliennerocafor
New Member
‎05-03-2020 09:55 PM

Hello, @agoyal . I would just like to ask if you were able to have some solutions with your question? Thank you!

0 Karma
Reply

jrizzo_splunk
Splunk Employee
Splunk Employee
‎03-23-2019 07:41 AM

Take a look at the following alert actions.
https://splunkbase.splunk.com/app/3226/

https://github.com/rzzldzzl/alert_webhook_ng

Joe

0 Karma
Reply

nitsingh
New Member
‎09-11-2019 12:11 PM

Hi @harsmarvania57 ,

I am adding a webhook url http://myhosting.com/splunk_alert and I want to get the result from alert payload. I have nodejs api where I am listing to the post request

app.post('/splunk_alert', function(request, response){
  console.log(request.body);      // your JSON
   response.send(request.body);    // echo the result back
});

Am I getting this correct? is this how I can get the result from the request body from the splunk alert?

Thanks,
Nitin

0 Karma
Reply

harsmarvania57
Ultra Champion
‎03-14-2019 12:25 PM

Not with inbuilt webhook alert action, I’ll suggest you to create your own alert actions based on your requirement.

0 Karma
Reply
Get Updates on the Splunk Community!

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

The Splunk Community is a powerful network of users, educators, and organizations working together to tackle ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...
Top