Configure the webhook in Splunk Observability

Configure webhook endpoints so that Splunk Observability can use the endpoint to communicate with Incident Response.

Before you begin

Role required: Responder, Manager, or Administrator

About this task

Note: While this integration with a third-party product is supported, the documentation here is based upon information provided by that third-party. More current information about the operation of that third-party’s system may be available from them directly.


  1. Log in to Splunk Observability Cloud.
  2. From the left navigation menu, select Data Setup.
  3. In the Integrate Your Data section, from the integration filter menu, select All.
  4. Search for Webhook in the Search field and click the Webhook tile.
    Select the Webhook tile.
  5. In the Webhook page click New Integration.
  6. In the form fill in the fields:
    Field Description
    Name Name for the integration.
    URL Webhook URL copied from LIR.
    New webhook integration.

    The remaining fields are optional.

  7. Click Save.

What to do next

Add the webhook notification to the Detector for which you want LIR to handle the alerts.
  1. From the left navigation menu, select  Alerts & Detectors and click New Detector.
  2. Enter a name for the detector and click Create Alert Rule.
  3. Enter the details for your alert. For detailed information, see Create detectors to trigger alerts.
  4. In the Alert recipients section, click Add Recipient and click Webhook.

    Add recipient as webhook.

  5. Select the webhook integration created for LIR.

    Select webhook integration created for LIR.

  6. Click Activate Alert Rule.