# Splunk

[<mark style="color:blue;">Splunk</mark>](https://www.splunk.com/) is used for monitoring and searching through big data. It indexes and correlates information in a container that makes it searchable, and makes it possible to generate alerts, reports, and visualizations.

You can use our Splunk integration to route detailed events from Splunk to the right users in Squadcast.

## How to integrate Splunk with Squadcast

### In Squadcast: Using Splunk as an Alert Source

1. Navigate to **Services** -> **Service Overview** -> select or search for your Service. Expand the accordion -> In the **Alert Sources** section, click **Add**.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4fbd74e7ca0b30173c47a1d58ed6a0804a0465aa%2FAlert_Sources.png?alt=media&#x26;token=aaca6610-9d18-4dd4-9cf5-320042f326f1" alt="How to configure Splunk integration in Squadcast"><figcaption><p>Step 1: Navigate to Splunk integration within a service</p></figcaption></figure>

2\. Select **Splunk.** Copy the displayed **Webhook URL** to [<mark style="color:blue;">configure</mark>](#in-splunk-create-a-squadcast-webhook-alert) it within **Splunk.** Finish by clicking **Add Alert Source** -> **Done.**

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-6aee96ce85c473275c4401d36c3c6ca9e7118783%2FSplunk.png?alt=media&#x26;token=0a164564-3d9f-44cc-8c14-80ccc9747bf8" alt="Steps to add Splunk integration to a service in Squadcast"><figcaption><p>Step 2: Add Splunk as an alert source for a service</p></figcaption></figure>

{% hint style="warning" %}
**Important:**

When an alert source turns <mark style="color:green;">Active</mark>, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is <mark style="color:green;">active</mark> if there is a recorded incident via that Alert Source for the Service.
{% endhint %}

### In Splunk: Create a Squadcast Webhook alert

1\. In the Splunk dashboard, click on **Search & Reporting** under **Apps**.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-7f35ac82d82e2f8a28a9789fc8a557616f49efd5%2FSplunk_gb_1.png?alt=media)

2\. Run your desired search query in the logs and click **Save As**. In the drop-down, click **Alert**.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-57f79a0a6aab9e3c5b79673c6cf88b5851c907ec%2Fsplunk_3.png?alt=media&#x26;token=b54e8392-f40a-47bf-bbdd-14b1fd990cad" alt="Configure a Webhook in Splunk"><figcaption></figcaption></figure>

3\. In the **Save As Alert** box, enter the title, description, and other Trigger Conditions. You can find more information on what each of these parameters means in the [Splunk documentation](https://docs.splunk.com/Documentation/Splunk/8.1.0/Alert/Aboutalerts).

4\. Under **Trigger Actions**, click on **Add Actions** and select **Webhook**.

5\. Paste the copied webhook URL from Squadcast under **URL** and click on **Save**.

![Add configurations for a Webhook in Splunk](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-a78ec8efff12fa47f7b3c3eadd46a59ae38b1a43%2FSplunk_gb_3.png?alt=media)

That's it! Your Splunk Integration is now complete.

* Whenever an alert is fired for your search query, an incident will be created in Squadcast.
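
For teams that manage Splunk alerts as configuration files, steps 2 to 5 above can also be written as a `savedsearches.conf` stanza. This is an added example, not part of the original Squadcast or Splunk documentation; the stanza name, search, schedule and throttle period are constructed for illustration, and the URL is a placeholder for the Webhook URL copied from Squadcast.

```ini
# savedsearches.conf (added example; all values below are constructed)
# Stanza name = alert title entered in the "Save As Alert" box (hypothetical).
[Squadcast - repeated failed SSH logins]
description = Routes failed SSH login bursts to Squadcast

# Step 2: the search to save as an alert (constructed sample query).
search = index=main sourcetype=linux_secure "Failed password" | stats count by src | where count > 10

# Step 3: schedule and trigger conditions.
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4

# Every firing creates a Squadcast incident and Splunk sends no
# auto-resolve signal, so throttle repeats to avoid duplicate incidents
# that each need manual resolution (30m is an assumed period).
alert.suppress = 1
alert.suppress.period = 30m

# Steps 4 and 5: Webhook trigger action pointing at Squadcast.
# Replace the placeholder with the Webhook URL copied from the
# Splunk alert source in Squadcast.
action.webhook = 1
action.webhook.param.url = <SQUADCAST_WEBHOOK_URL>
```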

## FAQ

**Q:** If an alert gets resolved in Splunk, does Splunk send auto-resolve signals to Squadcast?

**A:** No, Splunk does not send auto-resolve signals to Squadcast. Hence, Squadcast incidents from Splunk should be resolved manually.

*Have any other questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*


