Modifying webhook datapayload

SuganyaSSF · ‎05-08-2017

Hi ,

We are using webhook in an alert action to posts the results using rest api.
But the rest api requires data payload (JSON Object) with some additional details that we need to send from our end.
Is it possible to customize the data payload that web hook provides.
Or we need to create customized alert action.

It would be very helpful if i get any information on this.

mroman_splunk · ‎03-07-2018

Hello per the documentation on the developer website:

"The webhook functionality is built into Splunk Enterprise as an app, and is located here: $SPLUNK_HOME/etc/apps/alert_webhook. If you are so inclined, you can clone it, and then modify it however you want. For example, you might choose to do this if your application accepts a specific payload that does not match to the Splunk Enterprise default."

http://dev.splunk.com/view/dev-guide/SP-CAAAE7A

paolananci · ‎01-22-2018

Any news on the topic? I am interested as well.

mroman_splunk · ‎03-07-2018

Hello per the documentation on the developer website:

"The webhook functionality is built into Splunk Enterprise as an app, and is located here: $SPLUNK_HOME/etc/apps/alert_webhook. If you are so inclined, you can clone it, and then modify it however you want. For example, you might choose to do this if your application accepts a specific payload that does not match to the Splunk Enterprise default."

http://dev.splunk.com/view/dev-guide/SP-CAAAE7A

Modifying webhook datapayload

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...