Brendan Cooper
I am a Splunk Professional Services consultant working for JDS Australia (https://www.jds.net.au), in Sydney, Australia.
Enables an alert action that can send customised HTTP/REST requests to an endpoint. You can use search results from the alert to populate all the core fields of the request, including the endpoint, headers, query string parameters and payload.
After creating an alert, add the HTTP Alert Action at the bottom of the dialog. From there, populate the fields as required. For most of the fields you can parameterise data by enclosing the field name in braces, as in {field_name}. Additional fields are separated by &
For example, you could set a custom header with the following: X-Forwarded-For={host}&Authorization=Splunk {token}
The fields you specify must exist exactly as named in the search results, or substitution will be skipped for that section. For example, if you have a payload of data={ThisFieldDoesNotExist}
and a query string of param={ThisFieldDoesExist}
then the payload won't be substituted but the query string will.
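The substitution rule described above, as an added example (not the app's own code): a pre-flight check that renders each section against one search result row and reports any section that would be sent with its placeholders left unsubstituted. The function names, the `\w+` field-name pattern, the split on the first `=`, and the sample result row are assumptions.

```python
import re

# Assumption: field names are word characters only.
PLACEHOLDER = re.compile(r"\{(\w+)\}")

def render_section(template, result):
    """Substitute {field} placeholders from one search result row.

    Modelled on the page's description: if any referenced field is missing
    from the result, the whole section is left unsubstituted.
    Returns (text, missing_fields).
    """
    fields = PLACEHOLDER.findall(template)
    missing = sorted({f for f in fields if f not in result})
    if missing:
        return template, missing
    return PLACEHOLDER.sub(lambda m: str(result[m.group(1)]), template), []

def split_pairs(rendered):
    """Split 'k1=v1&k2=v2' into a dict, splitting each pair on the first '='."""
    pairs = {}
    for item in rendered.split("&"):
        if item:
            key, _, value = item.partition("=")
            pairs[key] = value
    return pairs

def preflight(sections, result):
    """Render every section; report the ones that would go out unsubstituted."""
    rendered, problems = {}, {}
    for name, template in sections.items():
        text, missing = render_section(template, result)
        rendered[name] = text
        if missing:
            problems[name] = missing
    return rendered, problems

# Constructed sample: one result row and the templates quoted on the page.
RESULT = {"host": "web01", "token": "EXAMPLE-TOKEN", "ThisFieldDoesExist": "42"}
SECTIONS = {
    "headers": "X-Forwarded-For={host}&Authorization=Splunk {token}",
    "payload": "data={ThisFieldDoesNotExist}",
    "querystring": "param={ThisFieldDoesExist}",
}

if __name__ == "__main__":
    rendered, problems = preflight(SECTIONS, RESULT)
    print(split_pairs(rendered["headers"]), rendered["payload"], problems)
```

Running a check like this against a sample result before enabling the alert shows whether a literal placeholder such as {token} would reach the endpoint because the search did not return that field.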
Support is not guaranteed and will be provided on a best effort basis.