- Custom webhooks must first be globally enabled by a global administrator.
- You need access to Splunk Cloud to use the HTTP event collector.
Follow Splunk's guide to set up an HEC, and as you do:
- set the Source type to "_json"; and,
- choose whether to Enable indexer acknowledgement.
In the Cmd web app:
- Open the drop-down menu in the top-right.
- Select Project & app settings.
- On the left-hand menu, under 'Project settings', select Integrations preferences.
- Select Webhook.
- Click Add integration in the top-right corner.
- In the pop-up, name your integration (e.g., "Splunk 1").
- Under "Webhook URL", enter
- Under "Custom JSON to send", enter the following:
[URL] with the correct HEC URI for your Splunk implementation. Use the
[KEY] with your HEC's 'token value'.
You can now test the integration by copying the curl command and executing it in your terminal. Once executed, you will receive an example alert in Splunk.
Now, you can add Splunk alerts to any of your triggers.
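To check the HEC token independently of the webhook, and to see what the "Enable indexer acknowledgement" choice changes on the wire, here is an added Python example (not Cmd's or Splunk's own code). The host, token, channel and alert fields are constructed placeholders; it assumes Splunk's header-based HEC authentication and the `X-Splunk-Request-Channel` header that acknowledgement-enabled tokens require.

```python
import json
import uuid
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_hec_request(hec_uri, token, alert, use_ack=False, channel=None):
    """Return (url, headers, body) for posting `alert` to HEC as a _json event."""
    if urlsplit(hec_uri).scheme != "https":
        # The token is a bearer credential; never send it over plain HTTP.
        raise ValueError("HEC URI must use https")
    headers = {
        "Authorization": f"Splunk {token}",
        "Content-Type": "application/json",
    }
    if use_ack:
        # With indexer acknowledgement enabled on the token, HEC rejects
        # requests that do not carry a channel GUID in this header.
        headers["X-Splunk-Request-Channel"] = channel or str(uuid.uuid4())
    body = json.dumps({"sourcetype": "_json", "event": alert}).encode()
    return hec_uri, headers, body


def send(url, headers, body, timeout=10):
    """POST the event; return (http_status, response_text) even on HTTP errors."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def check_hec_response(status, text, use_ack=False):
    """Return the ackId (None when ack is off); raise if HEC refused the event."""
    reply = json.loads(text)
    if status != 200 or reply.get("code") != 0:
        raise RuntimeError(f"HEC rejected event: HTTP {status}: {reply.get('text')}")
    if use_ack and "ackId" not in reply:
        raise RuntimeError("acknowledgement expected but no ackId returned")
    return reply.get("ackId")
```

Call `send(*build_hec_request(...))` with your own HEC URI and token, then pass the result to `check_hec_response`; a "Data channel is missing" rejection means the token has acknowledgement enabled but the sender supplied no channel header.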