Is there any documentation that can help with the actual format that should be followed for the fields defined in the HTTP Alert Action App?

mapercivaldangl
New Member

Not sure I am following the correct format for the fields defined in the app. I have added the HTTP Alert Action to my alert and entered the required values, but I am unable to confirm if the field format is correct.

0 Karma

brendanmacooper
Explorer

I personally use the excellent RequestBin.com site to test all my config.

  • Endpoint = https://xxxxxxxxxxx.x.pipedream.net/
  • Query string params (optional) = A query string is commonly denoted as key/values after a question mark, i.e. www.example.splunkcloud.com/en-GB/account/login?loginType=splunk. In this example loginType=splunk is a query string.
  • Custom headers (optional) = These allow you to add custom headers. This is most commonly used for basic authentication.
  • Payload = If your search returns the fields Test & Source then you could specify source={source};test={test}. To send JSON in this version of the app, you must construct the JSON string in your SPL search, i.e. |eval json="{\"source\":\"".source."\",\"test\":\"".test."\"}" and then reference that field, i.e. Payload = {json}. I admit this is clunky and would be hard to maintain for long JSON values; I'd suggest a purpose-built app if your JSON is complex or nested.
  • HTTP Method = POST
  • Ingest response to index = If you wish to ingest the response, specify the index here
  • Ingest Safety Max Size = This is the safety net to stop ingesting values greater than expected. If you don't want to ingest the response, set the value to 0

Should be able to identify errors with the following search: index=_internal sourcetype=splunkd component=sendmodalert action="send_custom_rest_request"

0 Karma
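
A local way to check the same fields, as an added example that is not part of the answer above or of the app: a small listener that reports the query string, the authorization scheme (without echoing the credential) and whether the payload arrived as strict JSON, as key=value;key=value pairs, or as raw text. The function names, the 127.0.0.1:8099 address and the sample values are assumptions made for this example.

```python
# Added example: classify what the alert action actually sent.
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs


def classify_payload(body):
    """Return (kind, parsed): 'json', 'kv' (a=b;c=d), or 'raw'."""
    try:
        parsed = json.loads(body)
        if isinstance(parsed, (dict, list)):
            return "json", parsed
    except ValueError:
        pass  # not strict JSON (e.g. unquoted keys or single quotes)
    pairs = [p.split("=", 1) for p in body.split(";") if p]
    if pairs and all(len(p) == 2 and p[0] for p in pairs):
        return "kv", dict(pairs)
    return "raw", body


def describe_request(method, path, headers, body):
    """Summarise one request; the Authorization value is never echoed."""
    auth = headers.get("Authorization", "")
    kind, parsed = classify_payload(body)
    return {
        "method": method,
        "query": parse_qs(urlsplit(path).query),
        "auth_scheme": auth.split(" ", 1)[0] if auth else None,
        "payload_kind": kind,
        "payload": parsed,
    }


class Handler(BaseHTTPRequestHandler):
    def _handle(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length).decode("utf-8", "replace")
        summary = describe_request(self.command, self.path, self.headers, body)
        print(json.dumps(summary, indent=2))
        self.send_response(200)
        self.end_headers()

    do_GET = do_POST = do_PUT = _handle


if __name__ == "__main__":
    # Loopback only; port 8099 is an arbitrary choice for this example.
    HTTPServer(("127.0.0.1", 8099), Handler).serve_forever()
```

Run it on the host that executes the alert and, assuming the app accepts a plain http endpoint, set Endpoint to http://127.0.0.1:8099/. A payload reported as raw when JSON was intended was not strict JSON when it arrived.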