Connect Splunk with Human Managed via API

You can send Splunk alerts via API to the Human Managed platform, where they are analyzed for various use cases. This article covers the steps to send Splunk alerts via API. A separate article covers the steps to send Splunk alerts via Webhook.

Note: This applies to Splunk Cloud SaaS version 9.x.x and above.

Note: The API endpoint URL and the other required credentials and headers will be sent to you separately via the service ticket.


Prerequisites

  • Access to your Splunk Cloud SaaS version 9 or above instance.
  • Valid credentials and permissions to configure the collector.
  • An understanding of your alert data sources and requirements.
  • Access to the secure API credentials provided by Human Managed.


Step 1: Create a service request ticket for Human Managed to configure the API Receiver

  1. Submit a request.
  2. In the Subject, type or select Connect Splunk via API.
  3. Once the ticket has been accepted by Human Managed and the ticket status has been updated, follow the next steps.

Step 2: Set up a Splunk Alert

  1. Once the request has been accepted by Human Managed, log in to the Splunk web interface.
  2. Install the Alerts API app in Splunk Cloud if it is not installed already.
     (Screenshot: splunk guide 1.jpg)
  3. Search for Alerts API and filter by Alert Actions to find the matching app, as shown below:
     (Screenshot: splunk guide 2.jpg)
  4. Log in and install the app.
     (Screenshot: splunk guide 3.jpg)
  5. Once installed, click Manage Apps to manage and configure the app.
     (Screenshot: splunk guide 4.jpg)
  6. Search for the app.
     (Screenshot: splunk guide 5.jpg)
  7. Set up the app and configure the API URL and header information provided by the Human Managed team.
     (Screenshot: splunk guide 6.jpg)
  8. Save the configuration.
  9. Click Settings and select Searches, Reports, and Alerts.
     (Screenshot: splunk guide 7.jpg)
  10. Click Create Alert to set up a new alert.
  11. Define the search criteria that will trigger the alert. This could be based on specific events, patterns, or conditions in your logs. Define the other alert settings according to your requirements.
      NOTE: The App field must be set to Webhook Alert Action.
      (Screenshot: splunk guide 8.jpg)
  12. Configure the trigger conditions, such as the number of events or the threshold that must be met to trigger the alert.
      (Screenshot: splunk guide 9.jpg)
  13. In the Trigger Actions section, select Add Actions and choose API Alerts as the action type.
      (Screenshot: splunk guide 10.jpg)

Step 3: Save and test

  1. Once the alert has been created, run it manually to validate the results.
     (Screenshot: splunk guide 12.jpg)
  2. Test the alert by triggering the conditions that you set up. Splunk will send the alert data to the configured webhook URL.

Step 4: Monitor and troubleshoot

  1. Monitor the API endpoint to ensure that the data is being received as expected.
  2. Check Splunk's alerting history and logs to troubleshoot any issues that might arise.

     Search string:
     index=_internal sourcetype=splunkd component=sendmodalert action="api_alerts"

     (Screenshot: splunk guide 13.jpg)
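As an added example (not part of this article or of the Alerts API app), the following Python script triages lines exported from the search string above: per saved search it counts how many api_alerts deliveries completed, how many exited with a non-zero code, the slowest run, and anything the action script wrote to STDERR. The log lines embedded in it are constructed to resemble splunkd's sendmodalert format; real entries may differ in wording and fields, so adjust the patterns to what your instance actually logs.

```python
# Triage splunkd sendmodalert lines for the api_alerts action (output of the Step 4 search).
import re
from collections import defaultdict

# Constructed sample lines modelled on splunkd's sendmodalert format; real wording may differ.
SAMPLE_LOG = """\
01-15-2024 10:22:33.456 +0000 INFO  sendmodalert [1234 AlertNotifierWorker-0] - Invoking modular alert action=api_alerts for search="HM - Suspicious Logins" sid="scheduler__admin__search__RMD5abc_at_1705314150_100" in app="search" owner="admin" type="saved"
01-15-2024 10:22:34.012 +0000 INFO  sendmodalert [1234 AlertNotifierWorker-0] - action=api_alerts - Alert action script completed in duration=556 ms with exit code=0
01-15-2024 10:27:33.101 +0000 INFO  sendmodalert [1234 AlertNotifierWorker-0] - Invoking modular alert action=api_alerts for search="HM - Suspicious Logins" sid="scheduler__admin__search__RMD5abc_at_1705314450_101" in app="search" owner="admin" type="saved"
01-15-2024 10:27:45.990 +0000 ERROR sendmodalert [1234 AlertNotifierWorker-0] - action=api_alerts STDERR - ConnectionError: unable to reach endpoint
01-15-2024 10:27:46.003 +0000 WARN  sendmodalert [1234 AlertNotifierWorker-0] - action=api_alerts - Alert action script completed in duration=12902 ms with exit code=3
"""

LINE_RE = re.compile(r"^\S+ \S+ \S+ (?P<level>\w+)\s+sendmodalert \[(?P<worker>[^\]]+)\] - (?P<msg>.*)$")
INVOKE_RE = re.compile(r'Invoking modular alert action=(?P<action>\w+) for search="(?P<search>[^"]*)"')
STDERR_RE = re.compile(r"action=(?P<action>\w+) STDERR - (?P<text>.*)$")
DONE_RE = re.compile(r"action=(?P<action>\w+) - Alert action script completed in duration=(?P<ms>\d+) ms with exit code=(?P<code>\d+)")


def triage(log_text, action="api_alerts"):
    """Return {saved search name: {"runs", "failures", "max_ms", "errors"}} for one alert action."""
    stats = defaultdict(lambda: {"runs": 0, "failures": 0, "max_ms": 0, "errors": []})
    in_flight = {}  # worker thread -> saved search whose action is currently running
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a sendmodalert line
        worker, msg = m.group("worker"), m.group("msg")
        inv = INVOKE_RE.search(msg)
        if inv and inv.group("action") == action:
            in_flight[worker] = inv.group("search")  # completion lines carry no search name
            continue
        search = in_flight.get(worker, "<unknown search>")
        err = STDERR_RE.search(msg)
        if err and err.group("action") == action:
            stats[search]["errors"].append(err.group("text"))
            continue
        done = DONE_RE.search(msg)
        if done and done.group("action") == action:
            s = stats[search]
            s["runs"] += 1
            s["max_ms"] = max(s["max_ms"], int(done.group("ms")))
            if done.group("code") != "0":
                s["failures"] += 1  # non-zero exit code: the alert was not delivered
            in_flight.pop(worker, None)
    return dict(stats)


def failing_searches(stats):
    """Names of saved searches with at least one failed delivery."""
    return sorted(name for name, s in stats.items() if s["failures"])
```

A delivery that exits non-zero or logs STDERR text is the first thing to raise on the service ticket, together with the sid of the affected run.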

Backout procedure

  1. Delete the alert created above.
  2. Uninstall the API alert app if it is not required for any other process.
