Splunk Teams Connector – Followup

We managed to use the stock Teams webhook app in Splunk: it just needed a change to the search being used. Ending the search with “| table” and the specific fields to be included restricts each result to those fields, which avoids having to filter the result data within the Python code.

There is still a tweak to the code that I prefer. The facts list is built from the result fields, and nothing guarantees they arrive in the same order from one run to the next. I’d like to be able to look in the same place in the Teams post to see a particular field. Sorting the facts array by field name when it is put into the post body ensures the fields are in the same order each time.

        sections=[
            {"activityTitle": settings.get("search_name") + " was triggered"},
            {
                "title": "Details",
                # Each fact is a {"name": ..., "value": ...} dict, so sort on the
                # name; a bare sorted(facts) only works on Python 2 and raises
                # TypeError on Python 3, where dicts are not orderable.
                "facts": sorted(facts, key=lambda fact: fact["name"])
            }
        ],
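To show the whole flow end to end, here is an added, stand-alone example (not the stock Splunk app’s code and not from the original post). It assumes the alert action receives the usual Splunk JSON with a "search_name" and a "result" dict, that the search already ended in “| table host user count src_ip” so the result holds only those fields, and that the Teams side accepts the Office 365 connector MessageCard shape; the SAMPLE_SETTINGS input is constructed, and post_card is a hypothetical helper that is defined but never called here so the script runs offline.

```python
import json
import urllib.request

# Constructed stand-in for the JSON Splunk writes to a custom alert action's
# stdin when it runs it with --execute (assumption: only the keys used below
# are shown; the real payload carries more, such as the webhook URL in
# settings["configuration"]).
SAMPLE_SETTINGS = {
    "search_name": "Failed logins by host",
    "result": {
        "host": "web01",
        "user": "svc_backup",
        "count": "42",
        "src_ip": "10.0.0.5",
    },
}


def build_facts(result):
    """Turn one result row into MessageCard facts, sorted by field name.

    Because the search already ends in `| table host user count src_ip`, the
    result dict holds only the wanted fields, so nothing is filtered here.
    The key= argument matters: each fact is a dict, and sorted(facts) with no
    key raises TypeError on Python 3 because dicts cannot be compared.
    """
    facts = [{"name": name, "value": str(value)} for name, value in result.items()]
    return sorted(facts, key=lambda fact: fact["name"])


def build_card(settings):
    """Assemble the MessageCard body with the same two sections the post uses."""
    search_name = settings.get("search_name", "Splunk alert")
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "summary": search_name,
        "sections": [
            {"activityTitle": search_name + " was triggered"},
            {"title": "Details", "facts": build_facts(settings.get("result", {}))},
        ],
    }


def fact_names(settings):
    """Field names in the order they will appear in the Teams post."""
    return [fact["name"] for fact in build_card(settings)["sections"][1]["facts"]]


def plain_sorted_raises(facts):
    """True when sorted(facts) without a key fails (Python 3 behaviour)."""
    try:
        sorted(facts)
    except TypeError:
        return True
    return False


def post_card(webhook_url, card, timeout=10):
    """Hypothetical sender: POST the card as JSON to the incoming webhook.
    Values go through json.dumps, never string concatenation, so result
    fields cannot break the payload structure."""
    request = urllib.request.Request(
        webhook_url,
        data=json.dumps(card).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status


if __name__ == "__main__":
    print(json.dumps(build_card(SAMPLE_SETTINGS), indent=2))
    print("field order:", fact_names(SAMPLE_SETTINGS))
```

Running it prints the card and a field order of count, host, src_ip, user regardless of how the result dict was ordered; feeding build_facts output to plain_sorted_raises shows why the key= argument is needed once Splunk moves the alert action to Python 3.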

The result is a Teams post from Splunk produced by a generic script: the desired fields are specified within the search, so they can be changed without touching the code.
