Splunk is a web-style interface for searching, monitoring, and analyzing machine-generated big data.
With Splunk’s Integration, Zenduty sends new Splunk alerts to the right team and notifies them based on on-call schedules via email, text messages (SMS), phone calls(Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the Splunk alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.
Whenever Splunk triggers an alert based on a predefined condition, Zenduty will create an incident. When that condition goes back to normal levels, Zenduty will auto-resolve the incident.
You can also use Alert Rules to custom route specific Splunk alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.
To add a new Splunk integration, go to “Teams” on Zenduty and click on the “Manage” button corresponding to the team you want to add the integration to.
Next, go to “Services” and click on the “Manage” button corresponding to the relevant Service.
Go to “Integrations” and then “Add New Integration”. Give it a name and select the application “Splunk” from the dropdown menu.
Go to “Configure” under your integrations and copy the webhooks URL generated.
Log in to Splunk. In the “Search and Report” app, search for the monitor metrics for Zenduty incidents to report on. As an example, we monitor “keyring”:
Save this as an “Alert” from the “Save As” window in the top right corner.
Fill in the form.
Click the “Add Actions” button under “Trigger Actions” and select “Webhook”.
Paste the url you copied earlier, and “Save”
An alert for Zenduty (eg. “Login Alert”) has been created and will show up in your “Alerts” tab.
Splunk is now Integrated with your Zenduty account.
Looking for a better way to get real-time alerts from Splunk Integration, setup a solid incident escalation and incident response pipeline and minimize response and resolution times for Splunk Integration incidents?