Splunk Dev

How can I monitor my webhooks for failed webhooks that Splunk sends?

adrianbelen
New Member

In Splunk enterprise search, we can save the search query as alert and a corresponding action will be executed(webhook). I want to monitor failed webhook that Splunk enterprise sends. How can I do that? should I search index=_internal

0 Karma

stanhoener
Engager

For a simple list of all webhook activity:
index=_* webhook

_* - searches all internal logs
webhook - returns anything with webhook in _raw event

You could then narrow down your search with more specifics in the command line.. host=xxxxx.... etc.

0 Karma

harsmarvania57
Ultra Champion

Hi @adrianbelen,

You can cehck webhook alert action in splunk with query index=_internal sourcetype=splunkd component=sendmodalert action="webhook"

I hope this helps.

Thanks,
Harshil

0 Karma
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...