All Apps and Add-ons

Microsoft Teams Webhook Alert Connector: Receiving "Error 400: Bad Request" after configuration. Has anyone been able to get this add-on to work?

ddavenpo
Explorer

Has anyone been able to get this to work? I just configured it. The configuration is crazy simple...but I am getting a 400 error:

ERROR sendmodalert - action=teams STDERR -  Error sending webhook request: HTTP Error 400: Bad Request
0 Karma
1 Solution

ddavenpo
Explorer

I figured out my issue. I was allowing the raw log to be passed to the alert. I think this was just too much information for the webhook receiver in Teams to handle. I changed my search to output a simple table with just a few values (which was what I actually wanted) and it worked just fine.

View solution in original post

ddavenpo
Explorer

I figured out my issue. I was allowing the raw log to be passed to the alert. I think this was just too much information for the webhook receiver in Teams to handle. I changed my search to output a simple table with just a few values (which was what I actually wanted) and it worked just fine.

cchimento
Path Finder

Hello - can you please post a search string example that you're sending to the alert and possible what your teams feed looks like when it receives that alert?

I am only getting one result from the table. Then a link to open in Splunk. I'd rather not.

So in short, I'm looking to expand and show more results in the Teams Feed.

0 Karma

ddavenpo
Explorer

I've tried removing the user agent component from the python script and that hasn't resolved the issue. I have successfully used the webhook URL in a simple curl command.

0 Karma

jesusreyes
New Member

Do you have any implementation guide for splunk with ms teams?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...