Connect Splunk with Human Managed via Webhook

You can send Splunk alerts to the Human Managed platform via API or Webhook, where they are analyzed for various use cases. This article covers the steps to send Splunk alerts via Webhook. Refer to this article for the steps to send Splunk alerts via API.


Note: This applies to Splunk Cloud SaaS version 9.x.x and above.

Note: The API endpoint URL and the other required credentials and headers will be sent to you separately via the service ticket.

Prerequisites 

  • Access to your Splunk Cloud SaaS version 9 or above instance.
  • Valid credentials and permissions to configure the collector.
  • An understanding of your alert data sources and requirements.
  • Access to the secure API credentials provided by Human Managed.


Step 1: Create a service request ticket for Human Managed to configure the API Receiver 

  1. Submit a request.
  2. In the Subject, type or select Connect Splunk via Webhook.
  3. Once the ticket has been accepted by Human Managed and the ticket status has been updated, follow the next steps.


Step 2: Set up a Splunk Alert

  1. Log in to the Splunk web interface.
  2. Click on Settings and select Searches, Reports, Alerts.
  3. Click on Create Alert to set up a new alert.
  4. Define the search criteria that will trigger the alert. This could be based on specific events, patterns, or conditions in your logs.

    As with the search criteria, define the other settings according to your requirements.

    NOTE: The App field must be set to Webhook Alert Action.
  5. Configure the triggering conditions, such as the number of events or the threshold that must be met to trigger the alert.
  6. In the Trigger Actions section, select Add Actions and choose Webhook as the action type. Add the URL shared by the Human Managed team and save the alert.
  7. Go to Advanced Edit.
  8. Add the required headers and Save.

    authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    content-type: application/json

  9. Add the Human Managed API URL to the webhook allowlist. If you run into any issues adding it, ask Splunk support to add it or refer to this documentation from Splunk.

Step 3: Save and test 

  1. Once the alert has been created, run it manually to validate the results.
  2. Test the alert by triggering the conditions that you set up. Splunk will send the alert data to the configured webhook URL.
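To show what the headers from Step 2 and the test in Step 3 look like on the receiving side, here is an added example (not Human Managed's or Splunk's code) of the minimal checks a webhook receiver should make before trusting an alert: it validates the Basic authorization header with a constant-time comparison, checks the content type, and parses the payload shape Splunk's webhook alert action sends. The credential, sample payload values and function names are constructed assumptions for this example.

```python
import base64
import hmac
import json

# Constructed credential for this example; the real one arrives in the service ticket.
EXPECTED_USER = "splunk-webhook"
EXPECTED_PASSWORD = "example-secret"
# Top-level keys Splunk documents for the webhook alert action payload.
REQUIRED_KEYS = ("sid", "search_name", "app", "owner", "results_link", "result")

def basic_header(user, password):
    """Build the 'authorization: Basic ...' value set in Splunk's Advanced Edit."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def _basic_header_ok(value):
    """Check a Basic authorization header value using constant-time comparison."""
    scheme, _, encoded = value.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(encoded, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    user_ok = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    return user_ok and pass_ok

def handle_webhook(headers, body):
    """Return (http_status, parsed_alert); headers use lower-cased names, body is raw bytes."""
    if not _basic_header_ok(headers.get("authorization", "")):
        return 401, None  # reject before parsing anything from an unauthenticated sender
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return 415, None
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, None
    if not isinstance(payload, dict) or any(k not in payload for k in REQUIRED_KEYS):
        return 400, None
    return 200, {k: payload[k] for k in REQUIRED_KEYS}

# Constructed sample request in the shape Splunk's webhook alert action sends.
SAMPLE_HEADERS = {"authorization": basic_header(EXPECTED_USER, EXPECTED_PASSWORD), "content-type": "application/json"}
SAMPLE_BODY = json.dumps({
    "sid": "scheduler__admin__search__RMD5example_at_1700000000_1",
    "search_name": "Failed logins over threshold", "app": "search", "owner": "admin",
    "results_link": "https://splunk.example/app/search/@go?sid=example",
    "result": {"user": "svc-backup", "count": "27"},
}).encode()
```

Calling handle_webhook(SAMPLE_HEADERS, SAMPLE_BODY) returns status 200 with the parsed alert; a missing or wrong authorization header returns 401 without the body ever being parsed.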

Step 4: Monitor and troubleshoot

  1. Monitor the API endpoint to ensure that the data is being received as expected.
  2. Check Splunk's alerting history and logs to troubleshoot any issues that might arise.

    Search string: 
    index=_internal sourcetype=splunkd component=sendmodalert action="webhook"

Backout procedure 

  1. Delete the Alert created above.
  2. Uninstall the API alert app if not required for any other process.
