You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In regards to configuring webhooks in github (github_webhooks.MD) you can use basic auth instead.
Advantages: HEC token isn't passed as part of the URL (which is visible and will get logged everywhere)
Does not require allowQueryStringAuth = true on the HEC Endpoint. In Splunk Cloud, you gotta get Splunk support to enable it even.
All that needs to change in the webhook configuration is:
AuthQueryToken: https://YOUR SPLUNK URL:8088/services/collector/raw?token=THE TOKEN FROM ABOVE.
@dave-safian-kyndryl this has been driving me nuts! I'm using Splunk Cloud and couldn't figure out why in the world my webhook configuration wasn't working. I couldn't even modify the allowQuery portion, makes total sense that you have to contact support.
At least for now, with your suggestion, I got my webhooks to successfully deliver to my Splunk Cloud instance. Thank you!
In regards to configuring webhooks in github (github_webhooks.MD) you can use basic auth instead.
Advantages: HEC token isn't passed as part of the URL (which is visible and will get logged everywhere)
Does not require allowQueryStringAuth = true on the HEC Endpoint. In Splunk Cloud, you gotta get Splunk support to enable it even.
All that needs to change in the webhook configuration is:
AuthQueryToken:
https://YOUR SPLUNK URL:8088/services/collector/raw?token=THE TOKEN FROM ABOVE.
BasicAuth:
https://xxxxx:THETOKENFROMABOVE@YOUR SPLUNK URL:8088/services/collector/raw
Username doesn't matter (xxxxx). Token is used as the password for basic auth.
The text was updated successfully, but these errors were encountered: