Hi
Splunk Enterprise.
We currently have many event rules to manage from various sources in PagerDuty. The issue we have is that Splunk uses different payloads to our other sources. This results in us having to create a separate event rule in PagerDuty to route our Splunk alerts, and our rules are doubling due to this and becoming hard to manage.
Our other sources use V2 and the key detail we use to route our alerts is in custom_details; however, Splunk is completely different. Is there any way we can set the custom_details payload within a Splunk query?
Thanks