Use legacy mode to temporarily work around issues introduced by the new integration of the user interface with the main splunkd service.
With Splunk Legacy’s Integration, Zenduty sends new Splunk Legacy alerts to the right team and notifies them based on on-call schedules via email, text messages (SMS), phone calls(Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the Splunk Legacy alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.
Whenever Splunk Legacy triggers an alert based on a predefined condition, Zenduty will create an incident. When that condition goes back to normal levels, Zenduty will auto-resolve the incident.
You can also use Alert Rules to custom route specific Splunk Legacy alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.
#To integrate Splunk Legacy with Zenduty, complete the following steps:
- To add a new Splunk Legacy integration, go to “Teams” on Zenduty and click on the “Manage” button corresponding to the team you want to add the integration to.
- Next, go to “Services” and click on the “Manage” button corresponding to the relevant Service.
- Go to “Integrations” and then “Add New Integration”. Give it a name and select the application “Splunk (Legacy)” from the dropdown menu.
- Go to “Configure” under your integrations and copy the API KEY generated.
Go to “$SPLUNK_HOME/bin/” and open “setSplunkEnv” file and create one variable “$ZENDUTY_KEY” and the value of this variable will be API KEY that you have copied earlier. So it will look like
export $ZENDUTY_KEY= < API KEY >.
Clone this Repository:
Copy the Python Script file and paste it into “$SPLUNK_HOME/bin/scripts”.
Sign In to Splunk. In the “Search and Report” app, search for the monitor metrics for Zenduty incidents to report on.
Save this as an “Alert” from the “Save As” window in the top right corner.
Fill in the form and Click the “Add Actions” button under “Trigger Actions”, select “Run a script” and write the name of the file which you have pasted in “$SPLUNK_HOME/bin/scripts” and save this Alert.
Splunk Legacy is now integrated.
Looking for a better way to get real-time alerts from Splunk Legacy Integration, setup a solid incident escalation and incident response pipeline and minimize response and resolution times for Splunk Legacy Integration incidents?