Developing for Splunk Enterprise

Creating my first app/webhook - How do I get the results of the alert and add them to my payload?


I am a total noob with Splunk and Python.
I have created an app that is similar to the Webook app.
It is to send a JSON payload to a Glip webhook.
Everything works, except I would like to send the results that generated the alert.

This is my

import sys, json
import urllib2
import re
from collections import OrderedDict

def url_decode(urlstring):
    return urllib2.unquote(urlstring).decode('utf8')

def decode_all_urls(messagestring):
    urlre = r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
    return re.sub(urlre, decode_all_matching_urls, messagestring)

def decode_all_matching_urls(match):
    match =
    return url_decode(match)

def send_glip_message(settings):
    params = dict()

    # Decode the results link since it was already encoded; otherwise, it will be double encoded
    params['body'] = settings.get('message')
    params['icon'] = settings.get('iconurl')
    params['activity'] = settings.get('activity')
    params['title'] = settings.get('title')

    url = settings.get('webhook_url')

    body = json.dumps(params)
    print >> sys.stderr, 'DEBUG Calling url="%s" with body=%s' % (url, body)
    req = urllib2.Request(url, body, {"Content-Type": "application/json"})
        res = urllib2.urlopen(req)
        body =
        print >> sys.stderr, "INFO Glip API responded with HTTP status=%d" % res.code
        print >> sys.stderr, "DEBUG Glip API response: %s" % json.dumps(body)
        return 200 <= res.code < 300
    except urllib2.HTTPError, e:
        print >> sys.stderr, "ERROR Error sending message: %s" % e
        return False

if __name__ == '__main__':
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        payload = json.loads(
        config = payload.get('configuration')
        if not send_glip_message(config):
            print >> sys.stderr, "FATAL Sending the glip message failed"

So I am not sure how to get the results of the alert and add them to my payload.
Thanks for any help.

0 Karma

Path Finder
0 Karma