Good Day: There are a few things to consider here as I have set up the Custom Webhook from Dynatrace successfully to the Splunk HEC. Your HTTP header...instead of the word "Basic", I found the word Splunk to be something that worked for me. Not sure if Basic will work or not. There is an additional header you may need - Content-Type:application/json Issues can still arise, with these settings above, based on the payload of the Webhook. This has worked for me as the custom payload: { "sourcetype": "manual", "event": {ProblemDetailsJSON} } ... View more

Good day...as a current Dynatracer who spent a long time working in the Splunk world, I would suggest you look to move away from the Splunk App for Dynatrace based on a few factors: The App is not available for Splunk 8 You deal with troubleshooting issues like these where you're asking questions of an app you need to understand but didn't write. I recommend using the REST API Modular Input to pull data from the Dynatrace API. You can validate your API calls and results using something like Postman and then move them over the Modular input rather easily. The REST API Modular input is a long-time and well tested app in the Splunk community which is actively maintained. The only caveat is if you use Splunk Cloud, you will need to use the REST API modular input on a Heavy Forwarder to execute the API calls, and then have it send the data to your proper index on Splunk cloud. ... View more

Good day...as a current Dynatracer who spent a long time working in the Splunk world, I would suggest you look to move away from the Splunk Add-on for Dynatrace based on a few factors: The App is not available for Splunk 8 You deal with troubleshooting issues like these where you're asking questions of an app you need to understand but didn't write. I recommend using the REST API Modular Input to pull data from the Dynatrace API. You can validate your API calls and results using something like Postman and then move them over the Modular input rather easily. The REST API Modular input is a long-time and well tested app in the Splunk community which is actively maintained. The only caveat is if you use Splunk Cloud, you will need to use the REST API modular input on a Heavy Forwarder to execute the API calls, and then have it send the data to your proper index on Splunk cloud. This will also ensure you get the entire payload as you would expect from the Dynatrace API, including Tags. ... View more

Good day...as a current Dynatracer who spent a long time working in the Splunk world, I would suggest you look to move away from the Splunk App for Dynatrace based on a few factors: The App is not available for Splunk 8 You deal with troubleshooting issues like these where you're asking questions of an app you need to understand but didn't write. I recommend using the REST API Modular Input to pull data from the Dynatrace API. You can validate your API calls and results using something like Postman and then move them over the Modular input rather easily. The REST API Modular input is a long-time and well tested app in the Splunk community which is actively maintained. The only caveat is if you use Splunk Cloud, you will need to use the REST API modular input on a Heavy Forwarder to execute the API calls, and then have it send the data to your proper index on Splunk cloud. ... View more