Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Use Splunk together with Opsgenie

Deleted user May 11, 2021

Hi there,

in our Opsgenie there is already a team that has a Splunk integration.

But I need to establish another connection from Splunk to Opsgenie for my team.

As far as I understand Splunk only supports 1 API key for Opsgenie.

 

So can I use some forwarding mechanism, something like a dispatcher?

For example "Only those Splunk alerts which starts with 'WEB' are to be forwarded to my team, as a fall-back all other ones are to be forwarded to the other team".

 

Thanks,

Marco

 

Answer
Watch
Like # people like this
573 views

3 answers

1 accepted

1 vote
Answer accepted
Jorge Gomez Rivas
Jorge Gomez Rivas Jun 08, 2021

Hi Marco,

We had the same problem. We solved it using the API integration in Opsgenie and sending POST request from Splunk.

We are using HTTP Alert Action https://splunkbase.splunk.com/app/5022/ in Splunk to send the POST requests alerts to the API. This is an action that you can select on the alerts.

You need to specify the API key. You can configure as many API incoming integrations in Opsgenie as you want and assign them to a team (the owner team) and you will receive a different API key per integration. Unfortunately, the API key is passed as a header and it is in clear in the Splunk action.

Hope it helps. If you need more information about this we dig deeper on this solution.

Best regards,

Jorge.

View More Comments
Deleted user Jun 08, 2021

Thanks a lot for this

Like Jorge Gomez Rivas likes this
Reply
0 votes
dklein
dklein Dec 08, 2022

Hey @[deleted] just in case you never found anything... it is possible to do by cloning the folder and the modifying the configuration with new names so nothing will conflict... now I have two selectable alert actions for Ops Genie!

Reply
0 votes
Deleted user May 18, 2021

Okay, I got no answer on this. Maybe I can paint another solution which leads to another question.

So we have 2 teams in Obsgenie, let's name them Team Frontend (FE) and Team Backend (BE).
Currently FE is receiving all Splunk alerts, and BE gets nothing. A second plugin especially for BE didn't work.

So maybe we can create a new team, like Team Splunk-Receivers (SR). SR get all Splunk alerts, FE and BE get nothing. We create at least 2 alerts within SR, one that filters all frontend stuff, and one that gets the backend ones. Each alert adds a tag (e.g. FE and BE) to the alerts.

Now we have Team SR with all Splunk alerts, that are filtered and tagged.

Is it possible to forward those tagged alerts to another team, FE and BE to be more detailed?

Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

See all events