Splunk is a web-style interface for searching, monitoring, and analyzing machine-generated big data.
With Splunk’s Integration, Zenduty sends new Splunk alerts to the right team and notifies them based on on-call schedules via email, text messages(SMS), phone calls(Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the Splunk alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.
Whenever Splunk triggers an alert based on a predefined condition, Zenduty will create an incident. When that condition goes back to normal levels, Zenduty will auto-resolve the incident.
You can also use Alert Rules to custom route specific Splunk alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.
To add a new Splunk integration, go to Teams on Zenduty and click on the team you want to add the integration to.
Next, go to Services and click on the relevant Service.
Go to Integrations and then Add New Integration. Give it a name and select the application Splunk from the dropdown menu.
Go to Configure under your Integrations and copy the Webhook URL generated.
Log in to Splunk. In the Search and Report app, search for the monitor metrics for Zenduty incidents to report on. As an example, we monitor keyring:
Save this as an Alert from the Save As window in the top right corner.
Fill in the form.
Click the Add Actions button under Trigger Actions and select Webhook.
Paste the url you copied earlier, and Save
An alert for Zenduty (eg. Login Alert) has been created and will show up in your Alerts tab.
Splunk is now Integrated with your Zenduty account.
Looking for a better way to get real-time alerts from Splunk Integration, setup a solid incident escalation and incident response pipeline and minimize response and resolution times for Splunk Integration incidents?