Solved: Webhook alert action: Why am I unable to specify a...

ramabu · ‎01-27-2016

A.
I suppose I can put the authorization token in the URL as param, but I expected to be able to specify a header.
I suppose this is not really an issue, still asking - why?

B.
The json in the webhook splunkbase document http://docs.splunk.com/Documentation/Splunk/6.3.0/Alert/Webhooks contains one result, first.

If I run the alert once per result - will it have different results on each post?
If not, then how to pass the full result set to the Servlet?

ramabu · ‎02-21-2016

No headers: That's by definition. The built-in webhook.py is for simple, no-header no-auth, interactions.
As to 'once-per-result" - yes, The single result attached to the webhook is each actual result out of the result set.

View solution in original post

ramabu · ‎02-21-2016

No headers: That's by definition. The built-in webhook.py is for simple, no-header no-auth, interactions.
As to 'once-per-result" - yes, The single result attached to the webhook is each actual result out of the result set.

Webhook alert action: Why am I unable to specify a header, and if I run the alert once per result, will it have different results on each post?

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

Webhook alert action: Why am I unable to specify a header, and if I run the alert once per result, will it have different results on each post?

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR