Alerting Splunk with Webhooks

The Splunk integration allows Alerts to be delivered as messages to a http://www.splunk.com instance.

With Splunk, you can

Correlate Apica Synthetic monitoring events with multiple other systems
Use Splunk Search to locate incident alerts from keywords in the alert messages
Visualize data in Splunk's Dashboard

Note: The Apica Alerter Service uses the external address 194.213.119.5, so you need to make sure that this address is accessible in your network is open for the alerting to work.

1 Alerting Splunk with Webhooks
2 Creating a Splunk Target
- - 2.1.1 Create Splunk Target
- 2.2 Add the Splunk Target; Fields
  - 2.2.1 Target Name
  - 2.2.2 Host
  - 2.2.3 Username
  - 2.2.4 Password
  - 2.2.5 Source Type
  - 2.2.6 Source
  - 2.2.7 Message
  - 2.2.8 Add Webhook Splunk Target

Creating a Splunk Target

Splunk Targets delivers alerts to a defined Splunk integration destination.

Step	Screenshot

Step	Screenshot
Create Splunk Target Click the WebHook button
A blank target is created
Select the Splunk Service
Add the Splunk Target; Fields Target Name Enter a name that identifies the Splunk target in ASM. Host Enter the IP or hostname of the Splunk instance. The integration URL is the access point in Splunk for alert delivery. The URL format depends on your Splunk deployment type. SSL: Splunk uses SSL by default. So, if you enter a full URL with `http://`, this will automatically get overridden with `https://` for all calls to Splunk. Port: By default, the port `8089` is used to access Splunk. Username Enter the Username that logs into the Splunk instance. This must be a valid and active Splunk user with access to the REST API.	Note: For Splunk Cloud, see the Cloud Deployment section. More information on Source & Source Type, from Splunk Documentation: Splexicon: Source Type Why source types matter Splexicon: Source Use default fields Password Enter the Password is the password used to login to the Splunk instance. This can be the password for any valid and active Splunk user, but it needs to match the Splunk Username setting. Copy the password from the correct user in your Splunk instance and paste it into the text box. For the following fields, you can use Alerts Message Placeholders in the title to add dynamic information. Source Type The Source Type field is used to mark data as a particular type. It can be used for data formatting and searches. Enter a Source Type string Source The Source field is used to identify where an event originated. It can be used for indexing and searches. Enter a Source string Message The delivered alert message can use all formatting provided by Splunk, and message placeholders for ASM information.
Add Webhook Splunk Target When you are happy with all the settings, you can create the target. Click the Add Webhook Splunk Target button The Target is created, containing the selected user/targets.

ASM Documentation

Splunk (Webhook Integration)

Alerting Splunk with Webhooks

Creating a Splunk Target

Create Splunk Target

Add the Splunk Target; Fields

Target Name

Host

Username

Password

Source Type

Source

Message

Add Webhook Splunk Target