Splunk On-Call

Splunk On-Call (formerly known as VictorOps) is an on-call and alert management platform providing, among other things, on-call rotations.

configure8 users benefit from seeing important data directly in their service detail page at a glance without needing to start their incident response journey by clicking into multiple tools, navigating to the proper services, and finding the right information.

Users also benefit by enabling configure8 to create an incident in Splunk On-Call, which reduces the burden on users to login to multiple tools and the effort required to create an incident.

Generate API Key

In order to get started with embedding your Splunk integration, you must create a new API key.

To generate an API Access Key, login to your Splunk app and:

1. In the web app, navigate to Integrations -> API .

2. Click New Key.

3. Enter a Description to help you identify the key later.

4. Read-only permission is sufficient.

5. Click Create Key.

Enable Rest Integration.

To create a REST integration, login to your Splunk app and:

1. In the web app, navigate to Integrations -> 3rd Party Integration .

2. Enter the REST Generic integration.

3. Hit Enable Integration if it's not enabled yet.

Creating a Splunk Credential

To connect your Splunk account to configure8, perform the following steps.

Get started by navigating to the Credentials page by clicking on the "settings" icon on the menu bar. Then in the Credentials tab hit "+ Add credential".

From the Add Credential pop-up, select Splunk from the list of available providers.

Next, enter the information required for your credential:

• Name: a recognizable alias for the new credential.

• Splunk OnCall API ID: in Splunk -> Integrations -> API you will see the "Your API ID:" number.

• API Key: This is the Splunk API Key you generated in the Generate API Key section.

Select Save to create your Splunk credential in configure8. The configure8 app will automatically validate the credentials to make sure they work. If they do not, the credentials will not be saved and you will be prompted to fix them.

Configuring Splunk for your Services

Adding a Splunk plug-in to your service adds the on-call schedule and ability to create an incident on your service overview page. To add a Splunk plug-in to your service, start by selecting a service from your catalog Services listing.

From your service overview page, select the Add Plug-in button.

From the Plugins dialog, browse through the list of available plugins and select the Splunk plug-in by clicking on the Add button.

In the Plug-ins configuration wizard, select an existing credential to connect to the selected plugin provider. If you missed the previous steps and or would like to use a new credential, select the Add Credential button.

Next, enter the information required for your Splunk plug-in configuration.

• Plugin Title: the title of the plug-in to display on the service overview page

• Splunk OnCall REST Integration Key: This is the UUID in your Rest integration URL. For example the bold numbers in this URL "https://alert.victorops.com/integrations/generic/20131114/alert/39541346-71e9-4b43-8ece-37a5c14ed837/$routing_key". This parameter is optional and its used to create incidents, so if you don't provide it the "New Incident" shortcut in the plugin won't be available.

• Teams: filter by teams that are responsible for this service.

Once you have entered all the required configuration information, select Done. Your configured plug-in is added to your service overview page.

Services table information

Once you add a On-Call Management System to a Service, configure8 will also aggregate the following information into the service table:

• On-call: Who is on call now for that service

• Incidents P1 : Critical Splunk Incidents

• Incidents P2

• Incidents P3 : Warning Splunk Incidents

• Incidents P4

• Incidents P5 : Info Splunk Incidents