Alerting

Filter data sended using saved search with action webhook or email action

TISKAR
Builder

Hello Splunker's

I programmed a saved search with a send webhook data action to send the result in json format. I noticed that the data sent contains additional information like app name eand result_link:

INFO -: {"app" => "search", "results_link" => "http: // splk-sh: 8000 / app / search / search? ....

In fact, I don't want to display this information on my results; i searched in advanced actions i found:

action.webhook.command: sendalert $action_name$ results_file="$results.file$" results_link="$results.url$"

i tried to delete result_link but it doesn't work. 

did you encounter this problem on whebook or even email action can be the same.

Thank you

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...