Splunk

Steps to configure Splunk integration for incident management, using Squadcast

Splunk is used for monitoring and searching through big data. It indexes and correlates information in a container that makes it searchable, and makes it possible to generate alerts, reports, and visualizations.

You can use our Splunk integration to route detailed events from Splunk to the right users in Squadcast.

How to integrate Splunk with Squadcast

In Squadcast: Using Splunk as an Alert Source

  1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

Figure (Step 1): Navigate to Splunk integration within a service

  2. Select Splunk. Copy the displayed Webhook URL to configure it within Splunk. Finish by clicking Add Alert Source -> Done.

Figure (Step 2): Add Splunk as an alert source for a service

In Splunk: Create a Squadcast Webhook alert

1. In the Splunk dashboard, click on Search & Reporting under Apps.

2. Run your desired search query in the logs and click Save As. In the drop-down, click Alert.

Figure: Configure a Webhook in Splunk

3. In the Save As Alert box, enter the title, description, and other Trigger Conditions. You can find more information on what each of these parameters means in the Splunk documentation.

4. Under Trigger Actions, click on Add Actions and select Webhook.

5. Paste the copied webhook URL from Squadcast under URL and click on Save.

That's it! Your Splunk Integration is now complete.

  • Whenever an alert is fired for your search query, an incident will be created in Squadcast.
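
The alert built in steps 1 to 5, written as the savedsearches.conf stanza Splunk keeps for a scheduled alert with a webhook action. This is an added example, not part of the Squadcast documentation: the stanza name, search string, time range and schedule are constructed, and the URL is a placeholder for the webhook URL copied from Squadcast.

```ini
# savedsearches.conf
# Constructed example: stanza name, search and schedule are placeholders.
[Squadcast - failed SSH logins]
search = index=main sourcetype=linux_secure "Failed password"
dispatch.earliest_time = -5m
dispatch.latest_time = now

# Run the search on a schedule (every 5 minutes)
enableSched = 1
cron_schedule = */5 * * * *

# Trigger condition: number of results is greater than 0
counttype = number of events
relation = greater than
quantity = 0

# List each firing under Triggered Alerts in Splunk
alert.track = 1

# Trigger action: Webhook (step 4), pointing at the Squadcast URL (step 5)
action.webhook = 1
action.webhook.param.url = <WEBHOOK_URL_COPIED_FROM_SQUADCAST>
```

The webhook URL is the only value configured on the Splunk side, so restrict read access to this file as you would for a credential.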

FAQ

Q: If an alert gets resolved in Splunk, does Splunk send auto-resolve signals to Squadcast?

A: No, Splunk does not send auto-resolve signals to Squadcast. Hence, Squadcast incidents from Splunk should be resolved manually.
