-
Suggestion
-
Resolution: Unresolved
-
None
-
2
-
Regarding the webhook functionality available in the Atlassian Organizations Audit logs:
At this moment, it provides 2 fields:
- Webhook URL
- Authorisation Header
While the current options are usually enough to send the payload to their recipient, some tools require additional fields to be included in the payload.
For example, when using Splunk HTTP Event Collector (HEC), the endpoint "/services/collector/event" requires the "index" to be specified in the body. Without that information, it fails with a 400 Bad Request error.
Suggestion
Provide an option to include additional information in the body of the webhook payload.
Workaround
For Splunk specifically, it's possible to send the data to HEC using the raw endpoint:
https://your-splunk-url.com/services/collector/raw
It's also possible to consider configuring a Middleware that will transform the data and include the necessary fields:
- Receives the webhook from Atlassian.
- The middleware modifies the JSON payload to include the required field and then forwards the modified payload to the target system.