I don't know if this is a bit overkill, but you could write a Python app to receive the webhook and then recompose the JSON - I've been messing around with this today. So you'd end up with a gateway - but a stateless one. Here's some code - it's a spike, so don't take it too literally. It creates an endpoint, http://localhost:5000/splunk, which you can then use in Splunk as a webhook target, and it takes the original JSON payload, changes its shape and posts it to a Discord channel (no cost etc.):

```python
import json

import requests
from flask import Flask, request
from loguru import logger

app = Flask(__name__)


def discord_message(url, message):
    """Post a plain-text message to a Discord webhook URL."""
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-HTTP-Method-Override": "PUT"
    }
    data = {
        "content": message
    }
    payload = json.dumps(data)
    logger.info(f'Sending webhook message {message}')
    response = requests.post(url, headers=headers, data=payload, timeout=10)
    logger.info(f'{response}')


@app.route('/splunk', methods=['POST'])
def splunk():
    # Splunk posts the alert as JSON; results_link points back to the search
    data = request.json
    logger.debug(data)
    discord_webhook = "https://discordapp.com/api/webhooks/SOME_WEBHOOK!!"
    message = (f'Attack detected see search: {data["results_link"]}')
    discord_message(discord_webhook, message)
    logger.debug(message)
    return data


def main():
    # debug=False: the Werkzeug debugger must not be reachable when binding to 0.0.0.0
    app.run(debug=False, host="0.0.0.0")


if __name__ == "__main__":
    main()
```
If there's a better way of doing this I'd really be interested 🙂 ... hmm, thinking about it, AWS has some really interesting EventBridge logic you could probably use and plumb it into a Lambda.
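The gateway in the post above relays whatever JSON reaches `/splunk`, so the following is an added example (not part of the original post) of checks such a handler could run before forwarding: a constant-time shared-secret comparison and a reshaping function that only relays links to the expected Splunk host and disables Discord mentions. The names `token_ok`, `build_discord_payload`, `EXPECTED_SPLUNK_HOST` and the idea of passing the secret as a `?token=` query value are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlparse

# Assumed values, not from the original post.
EXPECTED_SPLUNK_HOST = "splunk.example.internal"  # hypothetical Splunk host
DISCORD_CONTENT_LIMIT = 2000  # Discord rejects longer "content" values


def token_ok(supplied, expected):
    """Constant-time check of a shared secret (e.g. a ?token= query value)."""
    if not supplied or not expected:
        return False
    return hmac.compare_digest(supplied.encode(), expected.encode())


def build_discord_payload(alert, expected_host=EXPECTED_SPLUNK_HOST):
    """Reshape a Splunk alert body into a Discord webhook body, or return None.

    None means "answer 400": the body is not an alert we are willing to relay.
    """
    if not isinstance(alert, dict):
        return None
    link = alert.get("results_link")
    name = alert.get("search_name", "unnamed search")
    if not isinstance(link, str) or not isinstance(name, str):
        return None
    try:
        parsed = urlparse(link)
        host = parsed.hostname
    except ValueError:  # malformed URL such as an unterminated IPv6 literal
        return None
    if parsed.scheme not in ("http", "https") or host != expected_host:
        return None
    # Drop control characters and cap the attacker-influenced search name.
    name = "".join(ch for ch in name if ch.isprintable())[:200]
    content = f"Attack detected ({name}), see search: {link}"
    if len(content) > DISCORD_CONTENT_LIMIT:
        return None
    return {
        "content": content,
        "allowed_mentions": {"parse": []},  # alert text must not ping anyone
    }


# Constructed sample in the shape of a Splunk alert webhook body.
SAMPLE_ALERT = {
    "search_name": "Brute force @everyone",
    "results_link": "http://splunk.example.internal:8000/app/search/@go?sid=constructed",
    "result": {"src": "203.0.113.7", "count": "42"},
}
```

In the Flask handler, the returned dict can be passed to `requests.post(url, json=payload, timeout=10)`, and a `None` result answered with a 400 response.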