Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Use Splunk together with Opsgenie

Deleted user May 11, 2021

Hi there,

in our Opsgenie there is already a team that has a Splunk integration.

But I need to establish another connection from Splunk to Opsgenie for my team.

As far as I understand Splunk only supports 1 API key for Opsgenie.

 

So can I use some forwarding mechanism, something like a dispatcher?

For example "Only those Splunk alerts which starts with 'WEB' are to be forwarded to my team, as a fall-back all other ones are to be forwarded to the other team".

 

Thanks,

Marco

 

Answer
Watch
Like # people like this
660 views

3 answers

1 accepted

1 vote
Answer accepted
Jorge Gomez Rivas
Jorge Gomez Rivas June 8, 2021

Hi Marco,

We had the same problem. We solved it using the API integration in Opsgenie and sending POST request from Splunk.

We are using HTTP Alert Action https://splunkbase.splunk.com/app/5022/ in Splunk to send the POST requests alerts to the API. This is an action that you can select on the alerts.

You need to specify the API key. You can configure as many API incoming integrations in Opsgenie as you want and assign them to a team (the owner team) and you will receive a different API key per integration. Unfortunately, the API key is passed as a header and it is in clear in the Splunk action.

Hope it helps. If you need more information about this we dig deeper on this solution.

Best regards,

Jorge.

View More Comments
Deleted user June 8, 2021

Thanks a lot for this

Like Jorge Gomez Rivas likes this
Reply
0 votes
dklein
dklein December 8, 2022

Hey @[deleted] just in case you never found anything... it is possible to do by cloning the folder and the modifying the configuration with new names so nothing will conflict... now I have two selectable alert actions for Ops Genie!

Reply
0 votes
Deleted user May 18, 2021

Okay, I got no answer on this. Maybe I can paint another solution which leads to another question.

So we have 2 teams in Obsgenie, let's name them Team Frontend (FE) and Team Backend (BE).
Currently FE is receiving all Splunk alerts, and BE gets nothing. A second plugin especially for BE didn't work.

So maybe we can create a new team, like Team Splunk-Receivers (SR). SR get all Splunk alerts, FE and BE get nothing. We create at least 2 alerts within SR, one that filters all frontend stuff, and one that gets the backend ones. Each alert adds a tag (e.g. FE and BE) to the alerts.

Now we have Team SR with all Splunk alerts, that are filtered and tagged.

Is it possible to forward those tagged alerts to another team, FE and BE to be more detailed?

Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events