Jamf Pro Webhooks for Splunk

The Webhooks settings in Jamf Pro allow you to create outbound webhooks for any event in the Events API. In conjunction with the Events API, webhooks allow you to use real-time events from Jamf Pro to build custom workflows on-demand using the programming language of your choice. For example, you could configure a webhook to send an event to an instant message plug-in you have written that will notify a chatroom when a third-party macOS software title in Jamf Pro has been updated.

Webhooks are better-suited for real-time event reporting and are more efficient than the Jamf Pro Add-on for Splunk when you want to import data immediately.

Configuring Splunk to Collect Webhooks

To collect data from Jamf Pro webhooks, you must configure an HTTP event collector in your Splunk instance, and then create a new event collector token.

When configuring global settings for the HTTP event collector, make sure the following settings are used:
  • Tokens enabled

  • SSL enabled

  • The default HTTP ports used by Splunk:
    • Splunk EnterprisePort 8088
    • Splunk CloudPort 443

For instructions, see the Set up and use HTTP Event Collector in Splunk Web documentation from Splunk.

Configuring Webhooks in Jamf Pro

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click Webhooks .
  3. Click New .
  4. Enter a display name for the webhook, such as "Splunk Events".
  5. Enter the full HTTP event collector endpoint in the Webhook URL field.

    To determine this value, see the "Send data to HTTP Event Collector" section in the Set up and use HTTP Event Collector in Splunk Web documentation from Splunk.

  6. Choose Basic Authentication from the Authentication Type pop-up menu.
  7. Enter the connection timeout for the webhook.
  8. Enter the read timeout for the webhook.
  9. Choose XML or JSON as the format for sending the webhook information. JSON is the most commonly used format.
  10. Choose the event that will trigger the webhook.
  11. Click Save .

Your webhook will start sending events to Splunk based on the configured event trigger.

For information on supported webhooks, see Webhooks on the Jamf Developer Portal.