Archive

Setting a webhook alert via a proxy server

Engager

I'm trying to set up a webhook alert, but the splunk server cannot contact the HTTP endpoint directly and must talk HTTP via a proxy server. Is it possible to configure splunk to use a HTTP proxy?

Tags (1)

Splunk Employee
Splunk Employee

The webhook.py script doesn't take into account proxies. You can replace /opt/splunk/etc/apps/alert_webhook/webhook.py with the following, and configure the proxy instead of the existing 127.0.0.1.

import sys
import json
import urllib2
import csv
import gzip
from collections import OrderedDict


def send_webhook_request(url, body, user_agent=None):
    if url is None:
        print >> sys.stderr, "ERROR No URL provided"
        return False
    print >> sys.stderr, "INFO Sending POST request to url=%s with size=%d bytes payload" % (url, len(body))
    print >> sys.stderr, "DEBUG Body: %s" % body
    try:
        # sduff - install proxy handler
        proxy = urllib2.ProxyHandler({'http': '127.0.0.1'})
        opener = urllib2.build_opener(proxy)
        urllib2.install_opener(opener)
        # sduff - end of proxy handler code

        req = urllib2.Request(url, body, {"Content-Type": "application/json", "User-Agent": user_agent})
        res = urllib2.urlopen(req)
        if 200 <= res.code < 300:
            print >> sys.stderr, "INFO Webhook receiver responded with HTTP status=%d" % res.code
            return True
        else:
            print >> sys.stderr, "ERROR Webhook receiver responded with HTTP status=%d" % res.code
            return False
    except urllib2.HTTPError, e:
        print >> sys.stderr, "ERROR Error sending webhook request: %s" % e
    except urllib2.URLError, e:
        print >> sys.stderr, "ERROR Error sending webhook request: %s" % e
    except ValueError, e:
        print >> sys.stderr, "ERROR Invalid URL: %s" % e
    return False


if __name__ == "__main__":
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        print >> sys.stderr, "FATAL Unsupported execution mode (expected --execute flag)"
        sys.exit(1)
    try:
        settings = json.loads(sys.stdin.read())
        url = settings['configuration'].get('url')
        body = OrderedDict(
            sid=settings.get('sid'),
            search_name=settings.get('search_name'),
            app=settings.get('app'),
            owner=settings.get('owner'),
            results_link=settings.get('results_link'),
            result=settings.get('result')
        )
        user_agent = settings['configuration'].get('user_agent', 'Splunk')
        if not send_webhook_request(url, json.dumps(body), user_agent=user_agent):
            sys.exit(2)
    except Exception, e:
        print >> sys.stderr, "ERROR Unexpected error: %s" % e
sys.exit(3)

I'll chase internally to see if this can be updated, and also made to use the proxy set in Splunk, or at least, the Environment variables.
(I'll post updates to https://gist.github.com/sduff/3c461f05f907ebd08e7f128237705a0f)

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!