Splunk On-Call

Like many other providers, Splunk On-Call’s integration with other services relies on a URL that is used to send alerts.

Mandatory Parameters

  • URL: This is the URL defined in the Splunk UI Integration tab that the ScaleOut Digital Twins™ service will use to send alerts to your Splunk account.

Optional Parameters

  • Routing key: If you want to route alerts to a specific subgroup or escalation policy, you can define a routing key for your alerts in Splunk’s UI. Once defined in Splunk, you can use it in the alert provider configuration to route specific events to the desired target.

Setting Up Splunk’s Integration with ScaleOut Digital Twins

Note

Disclaimer: the screenshots in this section refer to a 3rd-party website and may not reflect the latest UI but are included here to provide guidance on setting up the environment.

Open the Integration tab in the Splunk UI and select the Generic REST endpoint to create a URL.


The URL Splunk provides you is what you need to set in the alert provider’s configuration.


Note

For the URL provided to the ScaleOut Digital Twins service, omit the ‘$routing_key’ part of the URL shown in the screenshot. If you want to provide a routing key, set the routing key parameter in the JSON file.

Configuration File Sample

Now that you have created a URL in Splunk, you can add it to the alert provider’s configuration by creating an entry that uses the alertProviderType “Splunk” and the URL you just created. In this example, we name our configuration ‘Splunk1’ in case we create multiple alert providers for Splunk:

 "alertProviders": [
  {
    "alertProviderType": "Splunk",
    "name": "Splunk1",
    "url": "https://alert.victorops.com/integrations/generic/2012712/alert/894fe412-1b19-4ea7-99dc-4570209afab1"
  }
]
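
An added example, not part of the ScaleOut documentation: a small Python check that can be run over the configuration file before deployment. It flags a URL that still carries the '$routing_key' placeholder or does not use HTTPS, and reports the URL with the segment after "alert" masked, because the URL is the only credential in the entry. The enclosing JSON object, the function names and the EXAMPLE-KEY value are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

PLACEHOLDER = "$routing_key"

# Constructed sample: same keys as the entry above, key replaced by EXAMPLE-KEY.
# "Splunk1" was pasted from the Splunk UI with the placeholder still attached.
SAMPLE = """
{"alertProviders": [
  {"alertProviderType": "Splunk", "name": "Splunk1",
   "url": "https://alert.victorops.com/integrations/generic/2012712/alert/EXAMPLE-KEY/$routing_key"},
  {"alertProviderType": "Splunk", "name": "Splunk2",
   "url": "https://alert.victorops.com/integrations/generic/2012712/alert/EXAMPLE-KEY"}
]}
"""

def check_entry(entry):
    """Return a list of problems found in one Splunk alert provider entry."""
    url = entry.get("url", "")
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("url must use https")
    if not parts.hostname:
        problems.append("url has no host")
    if PLACEHOLDER in url:
        problems.append("url still contains the '$routing_key' placeholder")
    return problems

def redact_url(url):
    """Mask the path segment that follows 'alert' so the URL is safe to log."""
    parts = urlsplit(url)
    segs = parts.path.split("/")
    if "alert" in segs and segs.index("alert") + 1 < len(segs):
        segs[segs.index("alert") + 1] = "<redacted>"
    return f"{parts.scheme}://{parts.netloc}{'/'.join(segs)}"

def audit(config_text):
    """Check every Splunk entry; return {name: {"url": masked, "problems": [...]}}."""
    report = {}
    for entry in json.loads(config_text).get("alertProviders", []):
        if entry.get("alertProviderType") != "Splunk":
            continue  # other provider types are out of scope here
        report[entry.get("name")] = {"url": redact_url(entry.get("url", "")),
                                     "problems": check_entry(entry)}
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result["url"], result["problems"] or "ok")
```
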