Send alert notifications to a webhook using Splunk Observability Cloud

You can configure Splunk Observability Cloud to automatically send alert notifications to a webhook when a condition triggers the detector and when a clear condition clears the alert.

Note

  • To add a webhook as a detector alert recipient, you must have administrator access. To get this access, an existing administrator adds it to your user profile. See Create and manage users in Splunk Observability Cloud for more information.

  • If your webhook endpoint fails to respond to a detector notification, Splunk Observability Cloud retries the notification for up to 24 hours. If your endpoint still doesn’t respond, you don’t receive the notification.

To send Splunk Observability Cloud alert notifications to a webhook, complete the following configuration tasks:

Step 1: Create a webhook

Create a webhook that listens for and receives Splunk Observability Cloud alert notification requests.

Your webhook must use a secure (HTTPS) connection and must support Transport Layer Security (TLS) 1.2 or higher.

To help secure your webhook, establish a shared secret string. When you create the webhook notification integration, you enter this string in one of the input fields. Splunk Observability Cloud uses the string as part of a cryptographic algorithm that generates a unique message code for your notification. Splunk Observability Cloud then inserts the code in the header of the outgoing webhook notification request. When your webhook receives the request, use the same algorithm, including the shared secret string, to generate a code. If the codes are identical, the request to your webhook is secure and valid.

To learn more about the shared secret string, the cryptographic algorithm, and the message code, see the Shared secret section in the Splunk Observability Cloud Developers Guide.

Your webhook must return an HTTP 200 OK response code immediately after it receives the request. If Splunk Observability Cloud does not receive a 200 response code within a certain time frame, it retries the request.
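One way a receiver can perform the message code check and still answer promptly, as an added example that is not Splunk's code. The header name `X-SFX-Signature`, HMAC-SHA1 over the raw request body, and Base64 encoding are assumptions not stated on this page, so confirm them in the Shared secret section of the Developers Guide; the 401 reply for a failed check is this example's own choice.

```python
import base64
import hashlib
import hmac

# Assumptions, not stated on this page: confirm all three in the Developers Guide.
SIGNATURE_HEADER = "X-SFX-Signature"   # header carrying the message code
DIGEST = hashlib.sha1                  # hash function used for the HMAC
# The code is assumed to be Base64 text computed over the raw request body.


def compute_code(secret: bytes, raw_body: bytes) -> str:
    """Generate the message code from the shared secret and the body bytes."""
    mac = hmac.new(secret, raw_body, DIGEST).digest()
    return base64.b64encode(mac).decode("ascii")


def is_authentic(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Recompute the code and compare it with the one in the request header."""
    received = next((v for k, v in headers.items()
                     if k.lower() == SIGNATURE_HEADER.lower()), None)
    if not received:
        return False  # unsigned request: reject, never fall back to "allow"
    expected = compute_code(secret, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().encode())


def handle(secret: bytes, raw_body: bytes, headers: dict, pending: list) -> int:
    """Return the HTTP status for one notification request.

    Verify the exact bytes received before parsing them, queue the payload
    for later processing, and answer 200 right away so the sender does not retry.
    """
    if not is_authentic(secret, raw_body, headers):
        return 401  # this example's choice for a failed check
    pending.append(raw_body)
    return 200


if __name__ == "__main__":
    secret = b"constructed-shared-secret"             # constructed sample value
    body = b'{"detector": "constructed-example"}'     # constructed sample payload
    good = {"x-sfx-signature": compute_code(secret, body)}
    queue = []
    print(handle(secret, body, good, queue))          # valid request
    print(handle(secret, body + b" ", good, queue))   # body altered in transit
    print(handle(secret, body, {}, queue))            # header missing
```

Compute the code over the bytes exactly as received: re-serializing parsed JSON can change whitespace or key order and make a valid request fail the check.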

Step 2: Create a webhook integration in Splunk Observability Cloud

You must be a Splunk Observability Cloud administrator to complete this task.

  1. Log in to Splunk Observability Cloud.

  2. Open the Webhook guided setup. Alternatively, you can navigate to the guided setup on your own:

    1. In the navigation menu, select Data Management.

    2. Select Add Integration.

    3. In the integration filter menu, select All.

    4. In the Search field, search for Webhook, and select it.

    5. Select New Integration to display the configuration options.

  3. On the Summary page, select Next.

  4. On the Configure connection page, enter information into the following fields:

    • Name: Give your integration a unique and descriptive name. For information about the downstream use of this name, see About naming your integrations.

    • URL: Enter the webhook URL you created in Step 1: Create a webhook.

    • Method: Select an HTTP method from the dropdown menu.

    • Shared secret: Enter the shared secret you established in Step 1: Create a webhook.

    • Headers: (Optional) Enter any HTTP header and value you want to add to HTTP requests sent to the webhook’s external site.

  5. Select Next.

  6. On the Customize message page, you see the default template for a webhook integration. You can customize your payload to make sure responders have the context needed to resolve the issues.

    For a full list of supported variables and examples, see Integrate a webhook with Splunk Observability Cloud in the Splunk Observability Cloud Developers Guide.

  7. Select Next.

  8. Review your integration and select Save.

Step 3: Add a webhook integration as a detector alert recipient in Splunk Observability Cloud

To add a webhook integration as a detector alert recipient in Splunk Observability Cloud:

  1. Create or edit a detector that you want to configure to send alert notifications using your webhook integration.

    For more information about working with detectors, see Create detectors to trigger alerts and Subscribe to alerts using the Detector menu.

  2. In the Alert recipients step, select Add Recipient.

  3. Select Webhook and then select the name of the webhook integration you want to use to send alert notifications. This is the integration name you created in Step 2: Create a webhook integration in Splunk Observability Cloud.

  4. Activate and save the detector.

Splunk Observability Cloud sends an alert notification to the webhook when the detector triggers or clears an alert.