A.
I suppose I can put the authorization token in the URL as param, but I expected to be able to specify a header.
I suppose this is not really an issue, still asking - why?
B.
The json in the webhook splunkbase document http://docs.splunk.com/Documentation/Splunk/6.3.0/Alert/Webhooks contains one result, first.
If I run the alert once per result - will it have different results on each post?
If not, then how to pass the full result set to the Servlet?
No headers: That's by definition. The built-in webhook.py is for simple, no-header no-auth, interactions.
As to 'once-per-result" - yes, The single result attached to the webhook is each actual result out of the result set.
No headers: That's by definition. The built-in webhook.py is for simple, no-header no-auth, interactions.
As to 'once-per-result" - yes, The single result attached to the webhook is each actual result out of the result set.