How to configure POST request using webhook as an ...

AKG1_old1 · ‎03-14-2019

Hello,

I am looking to configure POST request using webhook as an Alert action.

Issue is I am not sure how to configure all these details. I am only getting URL options.

Request Details:

-   URL: http://mule/issuesapi/v2/jiratst/projects/TI/issues
-   Method: POST
-   Credentials as Basic Authentication:
-   Username/Password: ***/***
-   Body

Request1:
{
  "summary": "Test to create TI issue from mule",
  "description": "Mule Testing Jira Api one level of Module",
  "type": "Incident",
  "priority": "3-Medium",
  "reporter": "ag",
  "moduleMapLevels":{"parent":"Common to All Modules"},
  "moduleMapAssets": [{"name":"Rates | IRD"},{"name":"CRD | CRD"}]
}

harsmarvania57 · ‎03-14-2019

Hi @agoyal,

You can't send custom payload using Webhook alert action, it will by default send below payload (Check $SPLUNK_HOME/vetc/apps/alert_webhook/bin/webhook.py ) which contain Job SID, Search Name, App name, owner, Job Result link and Result.

settings = json.loads(sys.stdin.read())
url = settings['configuration'].get('url')
body = OrderedDict(
    sid=settings.get('sid'),
    search_name=settings.get('search_name'),
    app=settings.get('app'),
    owner=settings.get('owner'),
    results_link=settings.get('results_link'),
    result=settings.get('result')
)

sivashanmugam · ‎05-06-2021

Hello harsmarvania57

Is it not possible to add more require field under $SPLUNK_HOME/vetc/apps/alert_webhook/bin/webhook.py ??

harsmarvania57 · ‎05-07-2021

I'll suggest you to create new app based on your requirement. As far as I know alert_webhook is default app in Splunk so whenever you'll upgrade Splunk, script will revert back.

AKG1_old1 · ‎03-14-2019

Thanks @harsmarvania57 : Any idea if there is a way to send custom payload ?

juliennerocafor · ‎05-03-2020

Hello, @agoyal . I would just like to ask if you were able to have some solutions with your question? Thank you!

jrizzo_splunk · ‎03-23-2019

Take a look at the following alert actions.
https://splunkbase.splunk.com/app/3226/

https://github.com/rzzldzzl/alert_webhook_ng

Joe

nitsingh · ‎09-11-2019

Hi @harsmarvania57 ,

I am adding a webhook url http://myhosting.com/splunk_alert and I want to get the result from alert payload. I have nodejs api where I am listing to the post request

app.post('/splunk_alert', function(request, response){
  console.log(request.body);      // your JSON
   response.send(request.body);    // echo the result back
});

Am I getting this correct? is this how I can get the result from the request body from the splunk alert?

Thanks,
Nitin

harsmarvania57 · ‎03-14-2019

Not with inbuilt webhook alert action, I’ll suggest you to create your own alert actions based on your requirement.

How to configure POST request using webhook as an Alert Action?

alert action

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation