how to config webhook payload for an alert action...

Marcus-advent · ‎06-27-2024

I want to custom payload for webhook ，but in webhook UI，only a input box for url ,I don't know where I can configure the payload parameter . thanks

tscroggins · ‎06-30-2024

Hi @Marcus-advent,

The only parameter configurable via Splunk Web is the URL, which must be properly encoded.

The webhook alert action uses a predefined JSON object body. The field values from the first result of your alert search will be added to the body's result field. See https://docs.splunk.com/Documentation/Splunk/latest/Alert/Webhooks for more information.

The webhook source code is very simple. You can view it directly in $SPLUNK_HOME/etc/apps/alert_webhook/bin/webhook.py or by downloading and extracting a copy of Splunk Enterprise for any platform if you don't have access to your Splunk instance.

Marcus-advent · ‎06-30-2024

This means that we can only return the standard content. Can't be customized? Will these contain log message, resource, resourceType?

And I have this post interface

like this https://abc.ssnc-corp.cloud/splunk

I asked the my splunk administrator to add “ssnc-corp.cloud” to the allow list, but it didn't seem to work. Do we need to restart splunk？ What if I can check the reason why it does not take effect?

how to config webhook payload for an alert action？

alert action

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout