Getting Data In

Is it possible to use a configuration stanza in webhook URL? e.g. https://`stanza[service_url]`?disposition=1&auth=`stanza[auth_token]`

ramabu
Path Finder

I am sure this is not an existing syntax 🙂 and yet - is it possible to encode such URL-s?

======================

Feb 10th:

So I will sort of repeat the question:

If I POST to e.g. https://10.41.1.136/splunk/alerts?disposition=3&auth=MyApp%20206eb5cb3c-5c70-4cb7-8844-5a0407a43ca7, then everything works fine.

But '10.41.1.136' and '206eb5cb3c-5c70-4cb7-8844-5a0407a43ca7' actually configurable for the app. Is it possible to save the search in a "formal" format, and have actual values replace the formal ones upon alert being triggered?
I did see how to reference a result field, but it's is not useful in this case.

Thanks
rama

0 Karma
1 Solution

ramabu
Path Finder

It appears that it is not possible,
But there are alternatives.

It would involve creating a custom alert action, which is actually a one-alert-app.
Once installed correctly, it shows in the list of actions in 'add actions', have a user interface, and more.
Using it, one can have the user explicitly state the required input for the action to complete successfully.

Its all here http://docs.splunk.com/Documentation/Splunk/6.3.3/AdvancedDev/ModAlertsIntro
However, I could not follow the explanation until I read it from the perspective of it being a separate add-on.

I also tried to run a python script instead of a webhook. This option is smooth, but the script has to work out the required data by parsing the attached results, which can be quite challenging; with the webhook, the "fielded" result is attached in JSON

View solution in original post

ramabu
Path Finder

It appears that it is not possible,
But there are alternatives.

It would involve creating a custom alert action, which is actually a one-alert-app.
Once installed correctly, it shows in the list of actions in 'add actions', have a user interface, and more.
Using it, one can have the user explicitly state the required input for the action to complete successfully.

Its all here http://docs.splunk.com/Documentation/Splunk/6.3.3/AdvancedDev/ModAlertsIntro
However, I could not follow the explanation until I read it from the perspective of it being a separate add-on.

I also tried to run a python script instead of a webhook. This option is smooth, but the script has to work out the required data by parsing the attached results, which can be quite challenging; with the webhook, the "fielded" result is attached in JSON

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...