
In VictorOps, under the Annotations tab in the incident, all Splunk alerts include an alert link that will direct you back to the Splunk alert. Once the specified conditions are met, you should see an alert appear in your VictorOps timeline. Additionally, you can dynamically reference Splunk fields within these assignments using tokens. If no API key or routing key is selected, alerts will be sent to the default values for these fields. You may overwrite the default values for entity_id if desired; however, you should understand how best to use this field. Select the desired message type, and use the state message field to add a brief description of what this particular alert indicates. Give the alert a title, description, and permissions, and configure the check schedule. From a new search select Save As, then select Alert. Here is an example of setting up a new alert based on a search. Now, when creating a VictorOps alert action you will see a dropdown of all routing keys within your VictorOps organization.

Once the API Key and API ID have been saved, click Retrieve Routing Keys to retrieve the most up-to-date list of your organization's routing keys. If you have yet to generate your API key and ID, please enable and generate your org's key and ID. Data API Configuration & Routing Keys: For versions 1.0.21 and above, you will now be able to add your VictorOps API ID and API Key, found in VictorOps under Integrations > API, to retrieve routing keys within VictorOps. VictorOps can now be used as an Alert Action. If you have any questions, please contact VictorOps Support. To create an incident, simply change INFO to CRITICAL. To send a test alert directly to your VictorOps timeline.

To find this test alert, you’ll want to look in your Timeline instead of the Incidents tab. Also, from the Search app in Splunk, you can directly type | sendalert victorops param.message_type="INFO" NOTE: This test alert will not be an Incident in your org as it is an INFO alert. You will see success as well as an alert in your VictorOps timeline. Once the API key is saved you will be able to verify the integration by selecting Test under actions. You will also be able to access your API key by clicking the VictorOps Splunk Integration link. If the routing key is left blank, alerts will be routed to your default routing key. On the Alert API Key Configuration page, paste the API key copied earlier, along with any desired routing key from your VictorOps organization. Once your configuration is complete you will see a check next to each configuration step. You will be taken to the VictorOps Incident Response Home page, which will guide you through setting up the account, configuring API keys, and testing alerts. Once Splunk has restarted, return to the Manage Apps page and click Launch App next to the VictorOps Incident Management app. Click Upload, then finish the process by restarting Splunk.
tgz file downloaded earlier, then check the Upgrade app box to ensure your application is updated to the latest version.
Next, click the button Install app from file. Choose the VictorOps for Splunk app. From the top navigation bar, expand the drop-down menu and select Manage Apps.

Start Splunk and open the web UI in a browser.
Click the Download button and accept the license agreements by checking the boxes and clicking Agree to Download. From the VictorOps web portal, navigate to Integrations > 3rd Party Integrations > Splunk Enterprise then click Enable Integration. Copy the API key to the clipboard to use in later steps. From the Splunk Base, search for VictorOps, or follow this link. When updating to a newer version of the app, run the bump command to clear client and server assets that have been cached.

