Webhook API
This API request creates a webhook object that defines a remote data store as a destination for scheduled results.
See the Query API for how to schedule a query set using a remote data store.
Create a Remote Data Store
Create a remote data store by doing a POST request to /v0/webhooks.
Request Parameters
| Name | Type | Required | Default | Description | Example |
|---|---|---|---|---|---|
url |
String | Yes | - | Remote data store URL including protocol and path. | “http://myserver.com/path/to/store” |
token |
String | No | - | The token is provided in an Authorization header as a Bearer token by default, or as a Splunk token for Splunk formatted data. |
“C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361” |
label |
String | Yes | - | Human readable label stored with the newly created object. | “Webhook For My Hosts” |
fingerprint |
String | Only for self-signed server certificates | - | The SHA256 fingerprint of the destination certificate. See details on obtaining the fingerprint. | “6dd13227e7e2865abeefb2f8ad3db9d7f66dede03b76176aed7563923a0b044b” |
disabled |
Boolean | No | false | The initial disabled state of the webhook. Usually true. | true |
format |
String | No | compact | format of the results. Allowable non-default values are: ctim, azure-compact, azure-expanded splunk-compact, splunk-expanded, s3-compact, s3-expanded, compact, and expanded. See details on result formats. |
“expanded” |
bucket |
String | Only for S3 | - | Bucket for the S3 format. | “my-s3-bucket” |
region |
String | Only for S3 | - | Region for the S3 format. | “us-west-2” |
accesskey |
String | Only for S3 | - | Access key for the S3 format. | “AKIAIOSFODNN7EXAMPLE” |
secretkey |
String | Only for S3 | - | Secret key for the S3 format. | “wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY” |
Request Payload Format
{
"disabled": <disabled>,
"config": {
"url": <url>,
"token": <token>,
"fingerprint": <fingerprint>,
"label": <label>,
"format": <format>,
"bucket": <bucket>,
"region": <region>,
"accesskey": <accesskey>,
"secretkey": <secretkey>
}
}
Example of Success
http https://$service/v0/webhooks \
"Authorization:Bearer $token" \
config:='{"url":"https://mywebserver.com","label":"RDS-Name","format":"expanded","fingerprint":"C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361"}'
HTTP/1.1 200 OK
{
"application": "",
"config": {
"accessKey": "***",
"fingerprint": "***",
"format": "expanded",
"label": "RDS-Name",
"secretKey": "***",
"token": "***",
"url": "https://mywebserver.com"
},
"created": "2021-02-23T23:48:51.931561755Z",
"creator": "14566a47-6b79-48ea-99db-313322c5a292",
"disabled": false,
"errormessage": "",
"id": "xYGh5xZyPk0tpj6tTyWYHQ",
"lastcalled": "2021-02-23T23:48:51.941085297Z",
"laststatus": "success",
"organization": "898ef6d3-a0e2-43b0-879a-18bd8f36a5ef",
"updated": "2021-02-23T23:48:51.931561755Z"
}
Example Of Failure
http https://$service/v0/webhooks \
"Authorization:Bearer $token" \
config:='{"url":"https://myotherwebserver.com","format":"expanded","fingerprint":"C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361"}'
HTTP/1.1 400 Bad Request
{
"errors": [
"Failed to verify fingerprint of server certificate."
]
}
Get a Remote Data Store
View a specific remote data store by performing a GET request to /v0/webhooks/{webhookid}.
List Remote Data Stores
View all user organization remote data stores by performing a GET request to /v0/webhooks.