Solved: webhook: unable to read POST data

sistemistiposta · ‎06-21-2017

Hello Splunk users,
I'm sorry for this trivial question, but I can't understand.

How can I read the HTTP POST data from webhook alert action?

I wrote this webhook script:

<?php

file_put_contents('postalert', print_r($_POST, true));

?>

But when it triggers, I only see an empty array as result:
Array ( )
I'm sad. Where am I wrong?

Thank you very much

Warm Regards
Marco

daxsmartpak · ‎04-20-2019

I was having the same issue and was able to find the answer with the following StackOverflow article, excerpted here:

The PHP superglobal $_POST is only is supposed to wrap data that is either

application/x-www-form-urlencoded (standard content type for simple form-posts) or
multipart/form-data-encoded (mostly used for file uploads)

You need to fetch it yourself in RAW format with:
file_get_contents('php://input')

daxsmartpak · ‎04-20-2019

I was having the same issue and was able to find the answer with the following StackOverflow article, excerpted here:

The PHP superglobal $_POST is only is supposed to wrap data that is either

application/x-www-form-urlencoded (standard content type for simple form-posts) or
multipart/form-data-encoded (mostly used for file uploads)

You need to fetch it yourself in RAW format with:
file_get_contents('php://input')

webhook: unable to read POST data