Documentation Suggestion #60
Labels
enhancement
New feature or request
Comments
|
@dave-safian-kyndryl this has been driving me nuts! I'm using Splunk Cloud and couldn't figure out why in the world my webhook configuration wasn't working. I couldn't even modify the allowQuery portion, makes total sense that you have to contact support. At least for now, with your suggestion, I got my webhooks to successfully deliver to my Splunk Cloud instance. Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In regards to configuring webhooks in github (github_webhooks.MD) you can use basic auth instead.
Advantages: HEC token isn't passed as part of the URL (which is visible and will get logged everywhere)
Does not require allowQueryStringAuth = true on the HEC Endpoint. In Splunk Cloud, you gotta get Splunk support to enable it even.
All that needs to change in the webhook configuration is:
AuthQueryToken:
https://YOUR SPLUNK URL:8088/services/collector/raw?token=THE TOKEN FROM ABOVE.
BasicAuth:
https://xxxxx:THETOKENFROMABOVE@YOUR SPLUNK URL:8088/services/collector/raw
Username doesn't matter (xxxxx). Token is used as the password for basic auth.
The text was updated successfully, but these errors were encountered: