how to post splunk alert severity to webhook url

srinivasup · ‎05-31-2017

hi,

I have configured an alert to run for every 5 minz and it will post the results to webhook url, when i see that json payload, im not able to find severity ,

How can i include alert severity in json automatically

woodcock · ‎05-31-2017

This is arbitrary and selected by you! You get to create the search and then you get to decide the severity that it should have when you save it as an Alert.

srinivasup · ‎05-31-2017

yeah thats fine but for each alert we configure, we have an option to choose severity, so we want to see that in payload.

woodcock · ‎05-31-2017

The severity assigned is visible in the Alert, which is an event that you can view by going to Activity -> Triggered Alerts. You can also view the severity in searches like this:

index="_audit" action="alert_fired"

And this:

index="_internal" sourcetype="scheduler" thread_id="AlertNotifier*"

woodcock · ‎05-31-2017

We need more information. What is your search string? What does your raw data look like?

srinivasup · ‎05-31-2017

I have create an alert with below query

index=_internal | table host _time

This is my query alert and it will be triggered for every 5minz, and it is posting data to webhook, and im able to see json payload but when we configure alert we can choose alert severity or priority, this values is not included in JSON payload, we want to know how to include this .

how to post splunk alert severity to webhook url

Enterprise Security Content Update (ESCU) | New Releases

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...