Splunk (Webhook Integration)

Alerting Splunk with Webhooks

The Splunk integration allows Alerts to be delivered as messages to a Splunk (http://www.splunk.com) instance.

With Splunk, you can:

  • Correlate Apica Synthetic monitoring events with multiple other systems

  • Use Splunk Search to locate incident alerts from keywords in the alert messages

  • Visualize data in Splunk's Dashboard

Note: The Apica Alerter Service uses the external address 194.213.119.5, so make sure that this address is allowed through your network for the alerting to work.

 

Creating a Splunk Target

Splunk Targets deliver alerts to a defined Splunk integration destination.

Create Splunk Target

  • Click the WebHook button

A blank target is created

Select the Splunk Service

Add the Splunk Target Fields

Target Name

  • Enter a name that identifies the Splunk target in ASM.

Host

  • Enter the IP or hostname of the Splunk instance.

  • The integration URL is the access point in Splunk for alert delivery. The URL format depends on your Splunk deployment type.

  • SSL: Splunk uses SSL by default, so if you enter a full URL with http://, it is automatically overridden with https:// for all calls to Splunk.

  • Port: By default, the port 8089 is used to access Splunk.

Username

  • Enter the Username used to log in to the Splunk instance.

  • This must be a valid and active Splunk user with access to the REST API.

 

Note: For Splunk Cloud, see the Cloud Deployment section.

More information on Source & Source Type, from Splunk Documentation:

Password

  • Enter the Password used to log in to the Splunk instance.

  • This can be the password for any valid and active Splunk user, but it needs to match the Splunk Username setting.

  • Copy the password from the correct user in your Splunk instance and paste it into the text box.

For the following fields, you can use Alerts Message Placeholders in the title to add dynamic information.

Source Type

The Source Type field is used to mark data as a particular type. It can be used for data formatting and searches.

  • Enter a Source Type string

Source

The Source field is used to identify where an event originated. It can be used for indexing and searches.

  • Enter a Source string

Message

  • The delivered alert message can use all formatting provided by Splunk, and message placeholders for ASM information.

Add Webhook Splunk Target

When you are happy with all the settings, you can create the target.

  • Click the Add Webhook Splunk Target button

The Target is created, containing the selected user/targets.
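
The field values above can be checked before the target is saved. The following is an added example, not Apica's or Splunk's own code: it models the Host rules from this page (scheme forced to https, port 8089 when none is given) and builds, without sending, a test event request that carries the Source, Source Type and Message values. It assumes delivery goes to Splunk's REST endpoint /services/receivers/simple with HTTP Basic authentication, which this page does not state; the host name, user, password, source and source type are constructed sample values.

```python
import base64
import urllib.request
from urllib.parse import urlencode, urlsplit

DEFAULT_PORT = 8089  # Splunk port named on this page


def normalize_target(host_field: str) -> str:
    """Model the Host rules: scheme is always https, port defaults to 8089."""
    raw = host_field.strip()
    if "://" not in raw:
        raw = "//" + raw  # lets urlsplit parse a bare host[:port] as a netloc
    parts = urlsplit(raw)
    if not parts.hostname:
        raise ValueError(f"no host in {host_field!r}")
    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets, put them back
        host = f"[{host}]"
    return f"https://{host}:{parts.port or DEFAULT_PORT}"


def build_test_event(host_field, username, password, source, sourcetype, message):
    """Build (not send) a POST that would submit one test event.

    Assumption: the endpoint and Basic auth are not confirmed by this page.
    Credentials travel in the Authorization header, so the request is only
    ever built against the https:// form of the target.
    """
    query = urlencode({"source": source, "sourcetype": sourcetype})
    url = f"{normalize_target(host_field)}/services/receivers/simple?{query}"
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        url,
        data=message.encode(),
        method="POST",
        headers={"Authorization": f"Basic {token}"},
    )


if __name__ == "__main__":
    # Constructed sample values; replace with your own target settings.
    req = build_test_event("http://splunk.example.internal", "asm_alerts",
                           "placeholder-password", "apica:asm", "apica_alert",
                           "ASM test alert")
    print(req.get_method(), req.full_url)
    # To send it: urllib.request.urlopen(req, timeout=10), with the
    # instance's CA certificate trusted rather than verification disabled.
```

Using a dedicated Splunk user for the target, rather than an administrator account, limits what the stored password can do if it is disclosed.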

 
