Splunk On-Call

How to get custom alert fields, or just alert.raw on custom outgoing webhook? (Any-Incident event type)?

whyNot
Engager

hi, we have a bunch of fields that show up in the Splunk Oncall/VictorOps UI. under either "Alert Details > Alert Data > Alert Fields" or "Annotations" (screenshot below) that i'm hoping to insert into the payload body of a custom outbound webhook  of "Any-Incident" event type.

When using the VictorOps API i only see the custom fields present under the "raw" field of the GET Alert response.

I see in the Incident Fields support page some mention of custom_fields, which makes me think perhaps we could add those to payload with something like ${{ALERT.custom_fields}}, or ${{ALERT.raw}}, but at least when i tried those nothing was populated on the webhook payload for it

Since i havent been able to find documentation on how to add these custom fields, annotations, or raw alert payload to the webhook payload body and they dont appear within the suggested variables, does someone know how we would add those to the webhook body or if thats possible?  Or do i need to pull them from the Alert.raw field myself and if so how would i get that raw field on the webhook payload?

 

Thanks!

"Screenshot 2023-04-02 at 3.30.52 PM.png

Labels (3)
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...