In Splunk Enterprise search, we can save a search query as an alert, and a corresponding action (webhook) will be executed. I want to monitor failed webhooks that Splunk Enterprise sends. How can I do that? Should I search index=_internal?
For a simple list of all webhook activity:
index=_* webhook
_* - searches all internal logs
webhook - returns anything with webhook in _raw event
You could then narrow down your search with more specifics in the command line... host=xxxxx... etc.
Hi @adrianbelen,
You can check the webhook alert action in Splunk with the query index=_internal sourcetype=splunkd component=sendmodalert action="webhook"
I hope this helps.
Thanks,
Harshil
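To narrow the search from the answer above to failures only, one option is to filter on log level and summarize per host. This is an added example, not part of the original posts; it assumes failed webhook runs are logged by sendmodalert at ERROR or WARN, and it relies on the log_level and event_message fields that Splunk extracts for sourcetype=splunkd.

```spl
index=_internal sourcetype=splunkd component=sendmodalert action="webhook"
    (log_level=ERROR OR log_level=WARN)
| stats count AS failures,
        latest(_time) AS last_seen,
        values(event_message) AS messages
        BY host
| convert ctime(last_seen)
| sort - failures
```

Saved as its own scheduled alert with a trigger condition of "number of results > 0", this reports webhook failures without relying on the webhook action itself to deliver the notification.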