{"id":3941,"date":"2018-12-12T09:46:54","date_gmt":"2018-12-12T14:46:54","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=3941"},"modified":"2018-12-12T15:14:09","modified_gmt":"2018-12-12T20:14:09","slug":"splunk-teams-connector-followup","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=3941","title":{"rendered":"Splunk Teams Connector &#8211; Followup"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">We managed to use the stock <a rel=\"noreferrer noopener\" aria-label=\"We managed to use the stock Teams webhook app in Splunk -- just needed to modify the search being used. \n (opens in a new tab)\" href=\"https:\/\/splunkbase.splunk.com\/app\/3375\/\" target=\"_blank\">Teams webhook app in Splunk<\/a> &#8212; just needed to modify the search being used. Adding &#8220;|table&#8221; and specific fields to be included in the table avoids having to filter the list data within the Python code.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"245\" src=\"http:\/\/lisa.rushworth.us\/wp-content\/uploads\/2018\/12\/Teams-Splunk98-1024x245.png\" alt=\"\" class=\"wp-image-3942\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk98-1024x245.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk98-300x72.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk98-768x184.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk98.png 1674w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">There <em>still<\/em> is a tweak to the code that I prefer &#8212; Python lists aren&#8217;t in any particular order. I&#8217;d like to be able to look in the same place in the Teams post to see a particular field.
Adding a sort when the facts array is put into the post body ensures the fields are in the same order each time. <br><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>        sections=[\n            {\"activityTitle\": settings.get(\"search_name\") + \" was triggered\"},\n            {\n                \"title\": \"Details\",\n                \"facts\": sorted(facts)\n            }\n        ],<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">And I&#8217;ve got a Teams post from Splunk with a generic script &#8212; desired fields are specified within the search, so they can be easily changed.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"400\" src=\"http:\/\/lisa.rushworth.us\/wp-content\/uploads\/2018\/12\/Teams-Splunk97-1024x400.png\" alt=\"\" class=\"wp-image-3943\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk97-1024x400.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk97-300x117.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk97-768x300.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2018\/12\/Teams-Splunk97.png 1226w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>We managed to use the stock Teams webhook app in Splunk &#8212; just needed to modify the search being used.
Adding &#8220;|table&#8221; and specific fields to be included in the table avoids having to filter the list data within the Python code There still is a tweak to the code that I prefer &#8212; Python &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[677,30],"tags":[675,666,716,717,665,718],"class_list":["post-3941","post","type-post","status-publish","format-standard","hentry","category-office-365","category-system-administration","tag-did-you-know","tag-microsoft-teams","tag-splunk","tag-splunk-enterprise","tag-teams","tag-webhook"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/3941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3941"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/3941\/revisions"}],"predecessor-version":[{"id":3944,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/3941\/revisions\/3944"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templa
ted":true}]}}