All Apps and Add-ons

Webhook data not being indexed but receiving connections

jpolcari
Communicator

Having some trouble getting webhook data into Splunk. I've configured the webhook input with a certificate and it is successfully receiving connections but the only data that is being indexed is (I have many of these events):

path=/adyen full_path=/adyen query="" command=POST client_address=xxx.xxx.xxx.xxx client_port=51926

For reference, this is what i'm currently trying to ingest: https://docs.adyen.com/developers/notifications/set-up-notifications

I don't see any type of errors within the log file. Anything advice to help troubleshoot?

0 Karma
1 Solution

jpolcari
Communicator

Ended up solving my own question. The content-type that was being sent included the charset (content-type="application/json; charset=utf-8"). After making a minor change to webhook.py to check for application/json* my events started coming in.

View solution in original post

0 Karma

LukeMurphey
Champion

This is a bug. I'm going to fix this in a new release. I have this planned for version 1.2.2 (see bug report 2335).

0 Karma

jpolcari
Communicator

Ended up solving my own question. The content-type that was being sent included the charset (content-type="application/json; charset=utf-8"). After making a minor change to webhook.py to check for application/json* my events started coming in.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...