Alerting

Webhook alert action: Why am I unable to specify a header, and if I run the alert once per result, will it have different results on each post?

ramabu
Path Finder

A.
I suppose I can put the authorization token in the URL as param, but I expected to be able to specify a header.
I suppose this is not really an issue, still asking - why?

B.
The json in the webhook splunkbase document http://docs.splunk.com/Documentation/Splunk/6.3.0/Alert/Webhooks contains one result, first.

If I run the alert once per result - will it have different results on each post?
If not, then how to pass the full result set to the Servlet?

0 Karma
1 Solution

ramabu
Path Finder

No headers: That's by definition. The built-in webhook.py is for simple, no-header no-auth, interactions.
As to 'once-per-result" - yes, The single result attached to the webhook is each actual result out of the result set.

View solution in original post

0 Karma

ramabu
Path Finder

No headers: That's by definition. The built-in webhook.py is for simple, no-header no-auth, interactions.
As to 'once-per-result" - yes, The single result attached to the webhook is each actual result out of the result set.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...