splunk

Splunk indexes data from any app, server, or network device in real time and makes it searchable, including logs, config files, messages, alerts, scripts and metrics. You can pull in all sorts of data, perform all kinds of statistical analysis on it, and present it in a variety of formats. Splunk aims to make machine data accessible across an organization, which helps to identify data patterns, provide metrics, diagnose problems and provide intelligence for business operations. While Splunk may have started out as “Google for your logs”, it has become far more than that as capabilities have been added.

This Splunk integration with VictorOps creates an incident in the VictorOps timeline using a short script that you can attach to any Splunk alert.

The Script

Begin by copying the following script into $SPLUNK_HOME/bin/scripts, make it executable and give it a name. Make sure to put in the correct API KEY and ROUTING KEY.

The script will create an incident that looks like this:

[Screenshot: the resulting incident as it appears in the VictorOps timeline]

Feel free to adjust the message and/or include any other details you would like. For more information on configuring scripted alerts for Splunk, see here.
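The page's own script is not reproduced above, so here is an added example of what such a scripted-alert handler looks like; it is not VictorOps' script and makes a few assumptions. Splunk invokes scripted alert actions with positional arguments ($1 number of events, $2 search terms, $3 full query, $4 saved-search name, $5 trigger reason, $6 link to results, $8 path to the results file); the VictorOps REST endpoint URL, the JSON field names and the REPLACE_WITH_* placeholders are assumptions, and the API and routing keys are taken from environment variables rather than written into the file.

```shell
#!/bin/sh
# Hypothetical Splunk -> VictorOps scripted-alert handler (added example,
# not the integration's own script). Splunk passes alert details as
# positional arguments: $1 event count, $2 search terms, $3 full query,
# $4 saved-search name, $5 trigger reason, $6 results URL, $8 results file.

# Keys come from the environment so the script in $SPLUNK_HOME/bin/scripts
# does not carry secrets itself; the defaults are obvious placeholders.
VO_API_KEY="${VO_API_KEY:-REPLACE_WITH_API_KEY}"
VO_ROUTING_KEY="${VO_ROUTING_KEY:-REPLACE_WITH_ROUTING_KEY}"
# Assumed VictorOps REST endpoint (not stated on the page).
VO_URL="https://alert.victorops.com/integrations/generic/20131114/alert/${VO_API_KEY}/${VO_ROUTING_KEY}"

# Escape a value for use inside a JSON string literal: backslashes and
# double quotes are escaped, line breaks dropped, tabs turned into spaces.
# Search terms often contain quotes, so this keeps the payload well-formed.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | tr -d '\n\r' | tr '\t' ' '
}

# Build the alert body from Splunk's positional arguments. entity_id is
# derived from the saved-search name so repeated firings of the same alert
# update one incident instead of opening a new one each time.
build_payload() {
    count=$(json_escape "$1")
    terms=$(json_escape "$2")
    name=$(json_escape "$4")
    reason=$(json_escape "$5")
    url=$(json_escape "$6")
    printf '{"message_type":"CRITICAL","entity_id":"splunk:%s","entity_display_name":"Splunk alert: %s","state_message":"%s (%s events) search=%s %s"}' \
        "$name" "$name" "$reason" "$count" "$terms" "$url"
}

# POST the alert; -f makes curl fail on an HTTP error so Splunk logs it.
send_alert() {
    payload=$(build_payload "$@")
    curl -sS -f -X POST -H 'Content-Type: application/json' \
        --data "$payload" "$VO_URL"
}

# Only send when Splunk actually invoked us with its arguments; sourcing the
# file or running it by hand with no arguments does nothing.
if [ "$#" -ge 6 ]; then
    send_alert "$@"
fi
```

Because the API key ends up in the request URL, keep the script (or the environment file it reads) readable only by the user Splunk runs as, and rotate the key in VictorOps if a copy of the script leaves the host.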

Configuration in Splunk

— Start by entering a new search, then select Save As ==> Alert.
— Give the alert a name and configure it in any manner you choose, then select Next.
— Under Enable Actions, select Run a Script and enter the name of the script you placed in $SPLUNK_HOME/bin/scripts.
— Save the alert.

Now whenever the search criteria are met, an incident will be created in your VictorOps timeline and the correct people will be alerted. Hooray!

To see more about this integration, check out our integration video: