All Apps and Add-ons

Webhook data not being indexed but receiving connections

jpolcari
Communicator

Having some trouble getting webhook data into Splunk. I've configured the webhook input with a certificate and it is successfully receiving connections but the only data that is being indexed is (I have many of these events):

path=/adyen full_path=/adyen query="" command=POST client_address=xxx.xxx.xxx.xxx client_port=51926

For reference, this is what i'm currently trying to ingest: https://docs.adyen.com/developers/notifications/set-up-notifications

I don't see any type of errors within the log file. Anything advice to help troubleshoot?

0 Karma
1 Solution

jpolcari
Communicator

Ended up solving my own question. The content-type that was being sent included the charset (content-type="application/json; charset=utf-8"). After making a minor change to webhook.py to check for application/json* my events started coming in.

View solution in original post

0 Karma

LukeMurphey
Champion

This is a bug. I'm going to fix this in a new release. I have this planned for version 1.2.2 (see bug report 2335).

0 Karma

jpolcari
Communicator

Ended up solving my own question. The content-type that was being sent included the charset (content-type="application/json; charset=utf-8"). After making a minor change to webhook.py to check for application/json* my events started coming in.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...