Fetch Splunk data commands, alert-actions, fired alerts, catalog-metrics, search job by sid etc from Maira workflows. You can also configure splunk webhook to send events to Maira.
splunk integration gives you ability to retive your splunk data commands, alert-actions, catalog-metrics, search jobs by search-id etc from Maira workflows. You can also configure splunk webhook to send events to Maira.
For integrating with splunk, you have to download splunk enterprise edition and you need to provide your splunk authorization token. Make sure that the you are running splunk in localhost and configure it.
Below is sample configuration for enabling splunk integration through Helm Chart Values file
- disabled tag can be set to true to temporarily disable the service without removing the config
- multiple clusters can be added under tag "clusters"
- tag "tls_config" is optional
Below is sample configuration for enabling pagerduty integration
Instructions to add a webhook
Maira client can add a webhook to store events related to splunk like reports and alerts of a search-job in Maira. After addding webhook, for every alert action a new Maira event is created and can be monitored using event commands.
To enable authorization for webhooks in splunk, we have developed a custom webhook app
1. Download custom webhook app from https://github.com/pavansubhakar/splunk_alert_webhook.
2. Replace the folder /opt/splunk/etc/apps/alert_webhook with the alert_webhook folder in the above repository with downloaded app and restart the splunk service
3. Create a new alert in search and reporting app
4. Configure the alert action to trigger as required to send alerts to maira
5. Add custom webhook in trigger actions
6. In the dialog box, enter these values:
- Enter the webhook url :
- Enter Token url,Client ID, Client secret and custom payload
- click on save
- you can edit configuration of alert from alerts tab