How to Set up an Incoming Webhook from IFTTT¶

You can use IFTTT to push data to your Splunk install via a Webhook. Here is how you do it:

Step 1: Create Input in Splunk¶

Create a webhook in Splunk if you have not done so already.

Step 2: Configure Maker Channel in IFTTT (an outgoing Webhook)¶

Use the Maker channel in IFTTT to push data to your Splunk install. To do this, make a new applet with a "then" action that executes a webhook.

Here are some details on how to set this up:

1. Make sure the URL is to your Splunk install and uses the port you set when you created the Webhook input
2. You can pass the data via the URL (e.g. https://webhook.mysplunkinstall.net/ifttt/splunk_news?title={{EntryTitle}}&url={{EntryUrl}})
3. You can also pass data in the body. To do so set the following:
   1. Make sure the method is a POST
   2. You can send structured data (that is, field/values pairs) that will be automatically parsed into Splunk by sending JSON. To do this, use the content type is "application/JSON". Otherwise, use "plain/text" if you just want the data ingested as text.
   3. If you chose "application/JSON" format, then make sure the data you entered into the "Body" field is valid JSON. You can do this by entering the body at http://jsonparseronline.com/ and ensuring it is indicated as valid.

Below is an example of sending an RSS feed to Splunk: