Setup time: 3 Min

Integrate Splunk Observability with All Quiet in a matter of minutes. With webhooks, you can automatically send alerts from Splunk directly to All Quiet, streamlining your team’s incident management process.

1. Create Splunk Integration on All Quiet

Sign in to your All Quiet account.

Create Integration

  1. Click on the Integrations > Inbound tab.
  2. Click Create New Integration.

Select Splunk as the integration’s type

  1. Enter a display name for your integration, e.g. Splunk Observability.
  2. Select a team.
  3. Select Splunk as the integration’s type.
  4. Click Create Inbound Integration.

Get the All Quiet Webhook URL

After creating the integration on All Quiet

  1. you can view and copy the webhook URL. You will require this URL in step 2 when configuring the custom integration on Splunk.

2. Configure the integration with Splunk

Once you’ve set up an integration of type “Splunk” with All Quiet, the next crucial steps involve configuring a splunk search for specific log entries to define a notification and connecting it with All Quiet via the Webhook URL.

First, you need to sign in to your Splunk Account.

  1. From the home screen, navigate to Search & Reporting.

In the search tab

  1. Create a search for search entries you want to use to create an All Quiet incident under specific circumstances.
  2. Find the search results, below.
  3. Click Save as
  4. Select Save as notification.
  1. Define a Title for a notification. Optionally, you can add a description.
  2. Select the permissions.
  3. Define the Notification Type.
  4. Based on the Notification Type, you can define a Trigger.
  5. Add a Webhook as Trigger action.
  6. As URL, paste in the All Quiet Webhook URL you’ve obtained in step Get the All Quiet Webhook URL.
  7. Save the notification.

Next, make sure to add the target URL (the All Quiet Webhook URL) to your Splunk webhook allow list to enable sending incidents to All Quiet. For more information, please refer to the Splunk documentation.

You’re ready to go. If you set up your integration this way, Splunk will send alerts to All Quiet.
By configuring additional notifications for other searches, you can trigger All Quiet incidents for various scenarios using the same Webhook URL and Splunk integration.
Unfortunately, Splunk notifications do not fire resolve events.

Adjust Payload Mapping

Looking to customize the fields of your incidents by adjusting the pre-built payload mapping? Simply head over to the “Payload” tab within your integration and make the necessary edits to the mapping. For detailed guidance, you may check out our payload mapping documentation.

Using our Terraform provider? Download the default mapping of the allquiet_integration_mapping resource for the Splunk integration. Simply copy the syntax to your .tf file and tailor the resource to your team’s needs!