Thanks @sungod for posting your solution. I'm glad you found the webhook templates, because this is exactly what they were made for.
I started writing a template for Splunk, but did not have a test environment to verify. Here is what I have created so far, but I would love some validation. This can then be shared on our GitHub repo containing all of our open source webhook templates.
I don't have a test system either and am reliant on the customer checking things at their end. I'd used https://webhook.site/ as a test receiver to get things to the point where I was ready to test with the customer.
As well as the header I used, they asked for some specific elements in the body. I don't think these are mandatory; they just reflect the way they've set up Splunk for the various things they use it for. My guess is Splunk is so configurable that the body will often need adapting.
"index":"an ID the customer wanted",
"source":"another ID the customer wanted",
"sourcetype":"here they wanted Cisco-Meraki",
#in here I simply used the default Meraki template
Okay, same here. Let us know how the testing goes. There were a lot of options, so I am curious what the end-to-end solution and experience looks like. Send a screenshot of the final message in Splunk if you can (hide any sensitive info obviously).
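A local stand-in for the test receiver mentioned in the thread, added here as an example and not code from any poster or from the Meraki template repo: it listens on loopback, so test payloads stay on the machine, and it checks each delivery for a header and the three body fields named above. The header name and value are assumptions (the thread does not show the header that was used), and the token is a constructed placeholder.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed header (the thread does not show it); the token is a constructed value.
EXPECTED_HEADER = ("Authorization", "Splunk CONSTRUCTED-TOKEN")
REQUIRED_KEYS = ("index", "source", "sourcetype")  # fields named in the post

def check_delivery(headers, raw_body):
    """Return a list of problems found in one webhook delivery."""
    name, value = EXPECTED_HEADER
    problems = [] if headers.get(name) == value else [f"header {name} missing or wrong"]
    try:
        body = json.loads(raw_body)
    except ValueError as exc:  # also covers a template comment left in the body
        return problems + [f"body is not valid JSON: {exc}"]
    if not isinstance(body, dict):
        return problems + ["body is not a JSON object"]
    for key in REQUIRED_KEYS:
        if not isinstance(body.get(key), str) or not body[key]:
            problems.append(f"missing or empty field: {key}")
    return problems

class Receiver(BaseHTTPRequestHandler):
    results = []  # one problem list per delivery received

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        problems = check_delivery(self.headers, self.rfile.read(length))
        Receiver.results.append(problems)
        self.send_response(400 if problems else 200)
        self.end_headers()

    def log_message(self, *args):  # keep the console quiet
        pass

def send_test(body, headers):
    """Run the receiver on a free loopback port, POST once, return its verdict."""
    server = HTTPServer(("127.0.0.1", 0), Receiver)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    request = urllib.request.Request(f"http://127.0.0.1:{server.server_port}/", data=body, headers=headers)
    try:
        urllib.request.build_opener(urllib.request.ProxyHandler({})).open(request, timeout=5).close()
    except urllib.error.HTTPError:
        pass  # a 400 means the receiver rejected the delivery; details are in results
    worker.join(5)
    server.server_close()
    return Receiver.results[-1]
```

A body that still contains a `#` comment line, as in the fragment posted above, is reported as invalid JSON, so the placeholder has to be replaced before the template is rendered.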