Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Dev
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Creating my first app/webhook - How do I get the r...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Creating my first app/webhook - How do I get the results of the alert and add them to my payload?
paries
Explorer
10-18-2017
02:09 PM
Hello,
I am a total noob with Splunk and Python.
I have created an app that is similar to the Webook app.
It is to send a JSON payload to a Glip webhook.
Everything works, except I would like to send the results that generated the alert.
This is my glip.py
import sys, json
import urllib2
import re
from collections import OrderedDict
def url_decode(urlstring):
return urllib2.unquote(urlstring).decode('utf8')
def decode_all_urls(messagestring):
urlre = r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
return re.sub(urlre, decode_all_matching_urls, messagestring)
def decode_all_matching_urls(match):
match = match.group()
return url_decode(match)
def send_glip_message(settings):
params = dict()
# Decode the results link since it was already encoded; otherwise, it will be double encoded
params['body'] = settings.get('message')
params['icon'] = settings.get('iconurl')
params['activity'] = settings.get('activity')
params['title'] = settings.get('title')
url = settings.get('webhook_url')
body = json.dumps(params)
print >> sys.stderr, 'DEBUG Calling url="%s" with body=%s' % (url, body)
req = urllib2.Request(url, body, {"Content-Type": "application/json"})
try:
res = urllib2.urlopen(req)
body = res.read()
print >> sys.stderr, "INFO Glip API responded with HTTP status=%d" % res.code
print >> sys.stderr, "DEBUG Glip API response: %s" % json.dumps(body)
return 200 <= res.code < 300
except urllib2.HTTPError, e:
print >> sys.stderr, "ERROR Error sending message: %s" % e
return False
if __name__ == '__main__':
if len(sys.argv) > 1 and sys.argv[1] == "--execute":
payload = json.loads(sys.stdin.read())
config = payload.get('configuration')
if not send_glip_message(config):
print >> sys.stderr, "FATAL Sending the glip message failed"
So I am not sure how to get the results of the alert and add them to my payload.
Thanks for any help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
markuxProof
Path Finder
11-10-2017
10:05 AM
Hello Paries,
Maybe this help you: http://dev.splunk.com/view/dev-guide/SP-CAAAE7A#Built-in_webhook_alert_action
Get Updates on the Splunk Community!
Index This | What is broken 80% of the time by February?
December 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...
Hello Splunk Community,
We're thrilled to share an exciting update that will help you manage your data more ...
Splunk MCP & Agentic AI: Machine Data Without Limits
Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...
