FR: WebHook type for Splunk #79

Closed
opened 2026-01-19 18:31:27 +00:00 by michael · 5 comments

Originally created by @everetteallen on GitHub.

We would like to send data directly to our Cribl and/or Splunk service using HTTP Event Collector (HEC), but the JSON sent must include the "event" field.
See https://docs.cribl.io/stream/4.0/sources-splunk-hec/
and
https://docs.splunk.com/Documentation/Splunk/9.4.0/Data/UsetheHTTPEventCollector
I am OK with a type (like for Teams), but either way it will have to have the "event" field.
Thank you for your consideration.

michael added the enhancement label 2026-01-19 18:31:27 +00:00

@sbickfo2 commented on GitHub:

Adding in the "event" field to the started and finished webhooks' JSON would be helpful for our situation as well.

We use a webhook with the serial number to kick off a flow in our integration platform (for updating the device record inventory in Jamf with data from our ITAM tool), but the integration platform reads the event data, which the JSM webhooks lack. We are using a script right now, but it would be great if we could use the JSM webhooks.


@scriptingosx commented on GitHub:

So either tool just needs a top-level `event` field? What should its value be?


@scriptingosx commented on GitHub:

Please test with https://github.com/jamf/Setup-Manager/releases/tag/v1.2beta3


@everetteallen commented on GitHub:

Yes. My suggestion would be the app identifier and the event like
com.jamf.setupmanager.started
and
com.jamf.setupmanager.finished


@sbickfo2 commented on GitHub:

You can disregard my earlier comment. I am testing the new 1.2 beta and it seems our tool (TeamDynamix iPaaS) can read the data sent from the webhook if I have JSM format it for Teams (despite it not being Teams). Not sure why iPaaS had a hard time parsing the raw data from the standard webhook, but this will work for us.


Reference: jamf/Setup-Manager#79