Re: Modifying webhook datapayload

SuganyaSSF · ‎05-08-2017

Hi ,

We are using webhook in an alert action to posts the results using rest api.
But the rest api requires data payload (JSON Object) with some additional details that we need to send from our end.
Is it possible to customize the data payload that web hook provides.
Or we need to create customized alert action.

It would be very helpful if i get any information on this.

mroman_splunk · ‎03-07-2018

Hello per the documentation on the developer website:

"The webhook functionality is built into Splunk Enterprise as an app, and is located here: $SPLUNK_HOME/etc/apps/alert_webhook. If you are so inclined, you can clone it, and then modify it however you want. For example, you might choose to do this if your application accepts a specific payload that does not match to the Splunk Enterprise default."

http://dev.splunk.com/view/dev-guide/SP-CAAAE7A

paolananci · ‎01-22-2018

Any news on the topic? I am interested as well.

mroman_splunk · ‎03-07-2018

Hello per the documentation on the developer website:

"The webhook functionality is built into Splunk Enterprise as an app, and is located here: $SPLUNK_HOME/etc/apps/alert_webhook. If you are so inclined, you can clone it, and then modify it however you want. For example, you might choose to do this if your application accepts a specific payload that does not match to the Splunk Enterprise default."

http://dev.splunk.com/view/dev-guide/SP-CAAAE7A

Modifying webhook datapayload

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases