Has anyone been able to get this to work? I just configured it. The configuration is crazy simple...but I am getting a 400 error:
ERROR sendmodalert - action=teams STDERR - Error sending webhook request: HTTP Error 400: Bad Request
I figured out my issue. I was allowing the raw log to be passed to the alert. I think this was just too much information for the webhook receiver in Teams to handle. I changed my search to output a simple table with just a few values (which was what I actually wanted) and it worked just fine.
Hello - can you please post a search string example that you're sending to the alert and possibly what your Teams feed looks like when it receives that alert?
I am only getting one result from the table. Then a link to open in Splunk. I'd rather not.
So in short, I'm looking to expand and show more results in the Teams Feed.
I've tried removing the user agent component from the Python script and that hasn't resolved the issue. I have successfully used the webhook URL in a simple curl command.
Do you have any implementation guide for Splunk with MS Teams?