Re: Modifying webhook datapayload

SuganyaSSF · ‎05-08-2017

Hi ,

We are using webhook in an alert action to posts the results using rest api.
But the rest api requires data payload (JSON Object) with some additional details that we need to send from our end.
Is it possible to customize the data payload that web hook provides.
Or we need to create customized alert action.

It would be very helpful if i get any information on this.

mroman_splunk · ‎03-07-2018

Hello per the documentation on the developer website:

"The webhook functionality is built into Splunk Enterprise as an app, and is located here: $SPLUNK_HOME/etc/apps/alert_webhook. If you are so inclined, you can clone it, and then modify it however you want. For example, you might choose to do this if your application accepts a specific payload that does not match to the Splunk Enterprise default."

http://dev.splunk.com/view/dev-guide/SP-CAAAE7A

paolananci · ‎01-22-2018

Any news on the topic? I am interested as well.

mroman_splunk · ‎03-07-2018

Hello per the documentation on the developer website:

"The webhook functionality is built into Splunk Enterprise as an app, and is located here: $SPLUNK_HOME/etc/apps/alert_webhook. If you are so inclined, you can clone it, and then modify it however you want. For example, you might choose to do this if your application accepts a specific payload that does not match to the Splunk Enterprise default."

http://dev.splunk.com/view/dev-guide/SP-CAAAE7A

Modifying webhook datapayload

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation