I'm trying to ingest 3-party alerts as Notable Events in IT Service Intelligence, and I'm following the steps in the docs (I don't have enough carma to post links, but google 'splunk itsi ingest third partyalerts' to see the steps).

I've completed all four steps, and I'm able to send data successfully to the itsi_tracked_alerts index. Searching the index also gives me the events as proper JSON-formatted events. But in the Notable Events Review dashboard, all I get is an event without any of the details specified in the HTTP event (e.g. title, status, severity, owner)

My test-curl on the indexer (using port 7088):

curl -k http://localhost:7088/services/collector/event -H 'Authorization: Splunk EE9572F2-6EDD-4327-8FDA-615685188824' -d '{"event": {"event_id": "5af7d8e2-afe6-11e6-81f5-001dd8b7329d","title": "Microsoft Azure AD signing key has changed","status": "1","severity": "5","owner": "unassigned" }}'

The output in Notable Events Review: