Splunk Legacy Integration Guide
Use legacy mode to temporarily work around issues introduced by the new integration of the user interface with the main splunkd service.
What can Zenduty do for Splunk Legacy users?
With Splunk Legacy's Integration, Zenduty sends new Splunk Legacy alerts to the right team and notifies them based on on-call schedules via email, text messages(SMS), phone calls(Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the Splunk Legacy alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.
Whenever Splunk Legacy triggers an alert based on a predefined condition, Zenduty will create an incident. When that condition goes back to normal levels, Zenduty will auto-resolve the incident.
You can also use Alert Rules to custom route specific Splunk Legacy alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.
To integrate Splunk Legacy with Zenduty, complete the following steps:
On the Zenduty Dashboard:
- To add a new Splunk Legacy integration, go to Teams on Zenduty and click on the team you want to add the integration to.
- Next, go to Services and click on the relevant Service.
- Go to Integrations and then Add New Integration. Give it a name and select the application Splunk (Legacy) from the dropdown menu.
- Go to Configure under your integrations and copy the API KEY generated.
In Splunk:
-
Go to "$SPLUNK_HOME/bin/" and open the "setSplunkEnv" file and create one variable "$ZENDUTY_KEY" and the value of this variable will be API KEY that you have copied earlier. So it will look like
export $ZENDUTY_KEY= < API KEY >
. -
Clone this Repository:
-
Copy the Python Script file and paste it into "$SPLUNK_HOME/bin/scripts".
-
Sign In to Splunk. In the Search and Report app, search for the monitor metrics for Zenduty incidents to report on.
-
Save this as an Alert from the Save As window in the top right corner.
-
Fill in the form and Click the Add Actions button under Trigger Actions, select Run a script and write the name of the file which you have pasted in "$SPLUNK_HOME/bin/scripts" and save this Alert.
-
Splunk Legacy is now integrated.