Splunk custom HTTP alert app

The webhook shipped with Splunk Enterprise is very simple, and it is often not sufficient.

This webhook allows adding custom headers and forwarding the search results as is, without any modification.

Add to your Splunk instance

To add this app to your Splunk instance, clone this repository and add it to $SPLUNK_HOME$/etc/apps, for example $SPLUNK_HOME$/etc/apps/custom_alert_webhook.

Then go to http://<splunk-domain>:<port>/en-US/debug/refresh and click the refresh button.

After that, you will be able to see the new custom webhook options in the new alert dialog:

add action: image

the app form: image

The form allows you to add custom headers and forward the search results as is, without any modification.