When working with webhooks, some services require the data to be transformed or reformatted before it can be used. In these cases, you can combine Kisi's external webhook integration with a script or service that accepts the raw event data, then formats and POSTs it to a secondary address.
In this example, we will demonstrate forwarding events from Kisi into Splunk Cloud. Splunk Cloud requires an authorization header token to be included in any request in order to enter data into an index. Because the Kisi Webhook integration does not support custom headers, we'll be using an intermediate service called Zapier to capture and resend the data in the format Splunk expects.
Create Splunk Token
Under Settings/Data inputs, create a new HTTP Event Collector. Choose a name, then click Next.
For Input Settings, under the Index section, choose the default index where the Kisi data should appear. Select Review when done.
On the final page of the setup, you'll see the message "Token has been created successfully". This token value will be used in the Authorization header of the Zapier setup below.
Set up Zapier Trigger
In Zapier, click the Make a Zap button and choose Webhooks as the Trigger. Choose Catch Hook as the Trigger Event and select Continue.
In the next area, you're presented with a Custom Webhook URL. Copy this address, and navigate to your Kisi Admin app.
Create Kisi Integration
Under Setup/Integrations, choose Add Integration and create a new Event Webhook integration using the address copied from Zapier.
Set up Zapier Action
Save the Kisi integration, then return to Zapier and choose Continue. You can test the trigger and verify it can read any recent Kisi events.
Choose Continue and move on to Step 2/Action setup. Again, choose Webhooks, make the Action Event Custom Request, then press Continue.
Under Set up action, choose POST as the Method, and enter the collector URL for your Splunk Cloud instance, for example
Enable Data Pass-Through, and add an Authorization header using the token you generated in your Splunk Cloud Admin setup.
Choose Continue and test the Zap or turn it on. New events in Kisi will trigger the catch webhook, which then POSTs them to Splunk. You can verify this in Splunk by searching the index configured for Kisi events.
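The same relay can be done with the "script or service" option mentioned at the top instead of Zapier. The following is an added example, not Kisi's or Splunk's own code: it accepts the webhook POST, wraps the body in an HTTP Event Collector envelope, and forwards it with the Authorization header. The collector URL, the environment variable names, the `source` value and the listening port are assumptions.

```python
import json
import os
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed settings: placeholder collector URL; token from the Splunk setup step.
HEC_URL = os.environ.get("SPLUNK_HEC_URL", "https://splunk.example.invalid/services/collector/event")
HEC_TOKEN = os.environ.get("SPLUNK_HEC_TOKEN", "")  # kept out of source control
MAX_BODY = 64 * 1024  # reject oversized posts before reading them


def build_hec_request(raw_body, url, token):
    """Wrap one webhook body in an HEC event envelope and add the auth header."""
    event = json.loads(raw_body)  # ValueError on anything that is not JSON
    if not isinstance(event, dict):
        raise ValueError("expected a JSON object")
    payload = json.dumps({"event": event, "source": "kisi-webhook"}).encode()
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=payload, method="POST", headers=headers)


class Relay(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
            if not 0 < length <= MAX_BODY:
                raise ValueError("missing or oversized body")
            req = build_hec_request(self.rfile.read(length), HEC_URL, HEC_TOKEN)
            with urllib.request.urlopen(req, timeout=10):
                status = 200  # urlopen raises HTTPError on 4xx/5xx replies
        except ValueError:
            status = 400  # bad input from the sender
        except OSError:
            status = 502  # Splunk unreachable or rejected the token
        self.send_response(status)
        self.end_headers()

    def log_message(self, *args):
        pass  # do not write request details to stderr


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Relay).serve_forever()
```

The relay listens on loopback only; put it behind a TLS-terminating reverse proxy before giving its address to the Kisi integration.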