Splunk
Connect Splunk Observability with All Quiet
Integrate Splunk Observability with All Quiet in a matter of minutes. With webhooks, you can automatically send alerts from Splunk directly to All Quiet, streamlining your team’s incident management process.
1. Create Splunk Integration on All Quiet
Sign in to your All Quiet account.
Create Integration
- Click on the Integrations > Inbound tab.
- Click Create New Integration.
Select Splunk as the integration’s type
- Enter a display name for your integration, e.g. Splunk Observability.
- Select a team.
- Select Splunk as the integration’s type.
- Click Create Inbound Integration.
Get the All Quiet Webhook URL
After creating the integration on All Quiet, you can view and copy the webhook URL. You will require this URL in step 2 when configuring the custom integration on Splunk.
2. Configure the integration with Splunk
Once you’ve set up an integration of type “Splunk” with All Quiet, the next steps are to configure a Splunk search for specific log entries, define a notification for it, and connect it to All Quiet via the webhook URL.
First, you need to sign in to your Splunk account.
- From the home screen, navigate to Search & Reporting.
In the search tab
- Create a search for the log entries you want to use to create an All Quiet incident under specific circumstances.
- Find the search results below.
- Click Save as.
- Select Save as notification.
- Define a Title for a notification. Optionally, you can add a description.
- Select the permissions.
- Define the Notification Type.
- Based on the Notification Type, you can define a Trigger.
- Add a Webhook as Trigger action.
- As URL, paste in the All Quiet Webhook URL you’ve obtained in the step “Get the All Quiet Webhook URL”.
- Save the notification.
Next, make sure to add the target URL (the All Quiet Webhook URL) to your Splunk webhook allow list to enable sending incidents to All Quiet. For more information, please refer to the Splunk documentation.
Adjust Payload Mapping
Looking to customize the fields of your incidents by adjusting the pre-built payload mapping? Simply head over to the “Payload” tab within your integration and make the necessary edits to the mapping. For detailed guidance, you may check out our payload mapping documentation.
allquiet_integration_mapping
resource for the Splunk integration. Simply copy the syntax to your .tf file and tailor the resource to your team’s needs!