When I get an error in Splunk I would like to send an alert to Slack. My company blocked e-mail for Slack, so I need to use a webhook. I have added the webhook to the alert of my search query; however, the payload is:
{
  "result": {
    "sourcetype": "mongod",
    "count": "8"
  },
  "sid": "scheduler_admin_search_W2_at_14232356_132",
  "results_link": "http://web.example.local:8000/app/search/@go?sid=scheduler_admin_search_W2_at_14232356_132",
  "search_name": null,
  "owner": "admin",
  "app": "search"
}
which does not tell me what this alert is about and/or carry any message.
Is there any way that I can modify this payload to maybe include more metadata? Variables, to give a little bit more info?
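As an added example (not part of the question above, and not Splunk's or Slack's own code), here is one way to get more context into Slack when the webhook action only emits the fixed payload shown: a small relay that receives the Splunk webhook, pulls every field out of `result`, falls back to the `sid` when `search_name` is null, keeps `results_link` so a responder can jump straight to the search, and forwards a `{"text": ...}` body to a Slack incoming webhook. The Slack webhook URL, the listening port and the sample payload are assumptions/placeholders; the sample payload is constructed from the question's shape.

```python
import json
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Placeholder: the real Slack incoming-webhook URL for your channel.
SLACK_WEBHOOK_URL = "https://hooks.slack.com/services/REPLACE/ME/PLACEHOLDER"

# Constructed sample in the shape of the default Splunk webhook payload from the question.
SAMPLE_SPLUNK_PAYLOAD = {
    "result": {"sourcetype": "mongod", "count": "8"},
    "sid": "scheduler_admin_search_W2_at_14232356_132",
    "results_link": "http://web.example.local:8000/app/search/@go?sid=scheduler_admin_search_W2_at_14232356_132",
    "search_name": None,
    "owner": "admin",
    "app": "search",
}


def splunk_to_slack(payload: dict) -> dict:
    """Build a Slack incoming-webhook body from a Splunk webhook payload.

    search_name can be null (as in the question), so the sid is used as a fallback.
    All fields of "result" are rendered so the fired row's data reaches the channel.
    """
    name = payload.get("search_name") or payload.get("sid") or "unknown alert"
    result = payload.get("result") or {}
    fields = ", ".join(f"{k}={v}" for k, v in sorted(result.items())) or "(no result fields)"
    lines = [
        f"*Splunk alert:* {name}",
        f"*App/owner:* {payload.get('app', '?')}/{payload.get('owner', '?')}",
        f"*Result:* {fields}",
    ]
    if payload.get("results_link"):
        lines.append(f"*Results:* {payload['results_link']}")
    return {"text": "\n".join(lines)}


def post_to_slack(message: dict, slack_webhook_url: str = SLACK_WEBHOOK_URL, timeout: float = 5.0) -> int:
    """POST the message to the Slack incoming webhook; returns the HTTP status code."""
    body = json.dumps(message).encode("utf-8")
    req = urllib.request.Request(
        slack_webhook_url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


class SplunkWebhookRelay(BaseHTTPRequestHandler):
    """Accepts the Splunk webhook POST and forwards a reformatted message to Slack.

    Expose this only to the Splunk host (firewall / reverse-proxy allowlist);
    it has no authentication of its own.
    """

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        try:
            payload = json.loads(self.rfile.read(length) or b"{}")
            if not isinstance(payload, dict):
                raise ValueError("payload is not a JSON object")
        except ValueError:
            self.send_response(400)
            self.end_headers()
            return
        status = post_to_slack(splunk_to_slack(payload))
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Point the Splunk alert's webhook URL at http://<relay-host>:8080/ (port is an assumption).
    print(json.dumps(splunk_to_slack(SAMPLE_SPLUNK_PAYLOAD), indent=2))
    HTTPServer(("0.0.0.0", 8080), SplunkWebhookRelay).serve_forever()
```

Run with a real Slack webhook URL in `SLACK_WEBHOOK_URL` and set the Splunk alert's webhook action to the relay's address; the Splunk payload never changes, but what lands in Slack now names the alert (or its `sid`), the app and owner, every `result` field, and the link back to the search.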