You can send Splunk alerts via API or Webhook to the Human Managed platform to be analyzed for various use cases. This article covers the steps to send Splunk alerts via Webhook. Refer to this article for steps to send Splunk alerts via API.
Prerequisites
- Access to your Splunk Cloud (SaaS) version 9 or above instance.
- Valid credentials and permissions to configure the collector.
- An understanding of your alert data sources and requirements.
- Access to the secure API credentials provided by Human Managed.
Step 1: Create a service request ticket for Human Managed to configure the API Receiver
- Submit a request
- In the Subject, type or select Connect Splunk via Webhook
- Once the ticket has been accepted by Human Managed and the ticket status has been updated, follow the next steps.
Step 2: Set up a Splunk Alert
- Log in to the Splunk web interface.
- Click on Settings and select Searches, Reports, and Alerts.
- Click on Create Alert to set up a new alert.
- Define the search criteria that will trigger the alert. This could be based on specific events, patterns, or conditions in your logs. Define the other alert settings in the same way, according to your requirements.
NOTE: The App field must be set to Webhook Alert Action.
- Configure the triggering conditions, such as the number of events or the threshold that must be met to trigger the alert.
- In the Trigger Actions section, select Add Actions and choose Webhook as the action type. Add the URL shared by the Human Managed team and save the alert.
- Go to Advanced Edit.
- Add the required headers and Save:
authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
content-type: application/json
- Add the Human Managed API URL to the webhook allowlist. If you run into any issues adding it, contact Splunk Support or refer to this documentation from Splunk.
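The two headers above are what the receiving endpoint uses to accept or reject each POST from Splunk. As an added example (not Human Managed's receiver code; the user name, password and sample payload are constructed for illustration), this is the check a receiver performs on an inbound Splunk webhook request: a constant-time comparison of the Basic credential, a content-type check, and a check that the JSON body carries the fields Splunk includes in every webhook alert payload.

```python
import base64
import hmac
import json
from typing import Dict, Tuple

# Constructed credentials for the example; in practice the Basic credential
# shared by Human Managed is loaded from a secret store, not hard-coded.
EXPECTED_USER = "splunk-webhook"
EXPECTED_PASSWORD = "example-secret"


def expected_basic_header(user: str, password: str) -> str:
    """Build the exact 'authorization' header value Splunk must send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def check_request(headers: Dict[str, str], body: bytes) -> Tuple[bool, str]:
    """Validate one inbound Splunk webhook request before it is processed.

    Returns (accepted, reason). Header names are compared case-insensitively
    because Splunk's Advanced Edit stores them in lower case.
    """
    h = {k.lower(): v for k, v in headers.items()}
    expected = expected_basic_header(EXPECTED_USER, EXPECTED_PASSWORD)
    # Constant-time compare so a wrong credential cannot be probed by timing.
    if not hmac.compare_digest(h.get("authorization", ""), expected):
        return False, "missing or invalid authorization header"
    if not h.get("content-type", "").startswith("application/json"):
        return False, "content-type is not application/json"
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "body is not valid JSON"
    # Fields present in every Splunk webhook alert payload.
    for field in ("sid", "search_name", "result"):
        if field not in payload:
            return False, f"payload missing {field}"
    return True, f"accepted alert '{payload['search_name']}'"


# Constructed sample of a Splunk webhook POST, not a captured one.
SAMPLE_BODY = json.dumps({
    "sid": "scheduler__admin__search__RMD5example",
    "search_name": "Failed logins above threshold",
    "app": "search",
    "owner": "admin",
    "results_link": "https://splunk.example/app/search/@go?sid=example",
    "result": {"user": "jdoe", "count": "12"},
}).encode()
SAMPLE_HEADERS = {
    "Authorization": expected_basic_header(EXPECTED_USER, EXPECTED_PASSWORD),
    "Content-Type": "application/json",
}
```

A rejected request should be logged with its reason but never echoed back with the expected credential.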
Step 3: Save and test
- Once the alert has been created, run it manually to validate the results.
- Test the alert by triggering the conditions that you set up. Splunk will send the alert data to the configured webhook URL.
Step 4: Monitor and troubleshoot
- Monitor the API endpoint to ensure that the data is being received as expected.
- Check Splunk's alerting history and logs to troubleshoot any issues that might arise.
Search string:
index=_internal sourcetype=splunkd component=sendmodalert action="webhook"
Backout procedure
- Delete the Alert created above.
- Uninstall the API alert app if it is not required by any other process.