Follow the steps below to configure a service that pulls its related alert data from Splunk. Squadcast will then process this information and create incidents for the service according to your preferences.
On the Sidebar, click on Services.
You can either navigate to an existing service or make a new one by clicking on “Add Service”.
Check the service details, such as the name, description, and associated escalation policy, and make sure they are entered correctly.
From the integration type drop-down, select “Splunk”. You will be shown your Splunk webhook URL. Click Save.
In your Splunk dashboard, click on Search & Reporting under Apps.
Run the required search, then click Save As and select Alert.
In the Save As Alert box, enter the title, description, and other Trigger Conditions. Under Trigger Actions, click the Add Actions button and select Webhook. Enter the webhook URL from the previous step under URL, then click the Save button.
That's it! The Splunk integration is complete. Whenever an alert fires for your search query, an alert will be created in Squadcast as well.
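To see what the Webhook action from the steps above delivers, the following added example (not part of the original page and not Squadcast's or Splunk's code) posts a constructed payload in the JSON shape Splunk's webhook alert action sends to a local stand-in receiver. The sample values, the `parse_alert` and `round_trip` helpers, and the loopback receiver are assumptions for illustration; how Squadcast itself maps these fields is not shown on this page.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample in the shape Splunk's Webhook alert action POSTs.
SAMPLE = {
    "result": {"sourcetype": "linux_secure", "count": "8"},
    "sid": "scheduler_admin_search_W2_at_14232356_132",
    "results_link": "http://splunk.example.local:8000/app/search/@go?sid=scheduler_admin_search_W2_at_14232356_132",
    "search_name": "Failed SSH logins",
    "owner": "admin", "app": "search",
}
REQUIRED = ("sid", "result", "results_link")
received = []  # alerts accepted by the stand-in receiver

def parse_alert(body: bytes) -> dict:
    """Validate a webhook body and reduce it to the fields an incident needs."""
    data = json.loads(body)  # malformed JSON raises a ValueError subclass
    if not isinstance(data, dict) or any(k not in data for k in REQUIRED):
        raise ValueError("not a Splunk webhook payload")
    # search_name may be null in the payload; fall back to the search id.
    title = data.get("search_name") or data["sid"]
    return {"title": title, "sid": data["sid"],
            "link": data["results_link"], "fields": data["result"]}

class Receiver(BaseHTTPRequestHandler):
    """Local stand-in for the webhook URL (hypothetical, loopback only)."""
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            received.append(parse_alert(body))
            self.send_response(200)
        except ValueError:  # reject anything that is not a valid alert
            self.send_response(400)
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the example quiet

def round_trip(payload: dict) -> int:
    """POST payload to a throwaway loopback receiver; return the HTTP status."""
    with HTTPServer(("127.0.0.1", 0), Receiver) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        req = urllib.request.Request(f"http://127.0.0.1:{server.server_port}/",
                                     json.dumps(payload).encode(),
                                     {"Content-Type": "application/json"})
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        try:
            with opener.open(req, timeout=5) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
        finally:
            server.shutdown()
```

The webhook URL is the only thing Splunk needs in order to create alerts for the service, so store it with the same care as any other credential.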
Updated 3 months ago