https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64274#M885 <P>I think, that the easiest way to "integrate" a ticketing tool with Splunk ist to set up alerts and trigger a script that will create a ticket in your existing ticketing tool ( via whatever interface the tool offers).There is documentation <A href="http://docs.splunk.com/Documentation/Splunk/5.0.3/Alert/Configuringscriptedalerts"> here</A></P> <P>The Enterprise Security app does have a workflow implemented to deal with the notable events(which are more or less incidents) that are created. Both of those are part of ES though and not available out of the box in a standard Splunk installation. </P> Fri, 14 Jun 2013 11:31:25 GMT chris 2013-06-14T11:31:25Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64272#M883 <P>We are planning to implement INCIDENT MANAGEMENT system in Splunk. <BR /> For that we need to integrate a ticketing tool with Splunk. <BR /> I have seen the Splunk Enterprise Security app which is similar to what we try to implement.<BR /> Is there any ideas on this ?</P> Fri, 14 Jun 2013 10:42:13 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64272#M883 chimbudp 2013-06-14T10:42:13Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64273#M884 <P>Get the Enterprise Security app? <span class="lia-unicode-emoji" title=":grinning_face_with_big_eyes:">😃</span></P> Fri, 14 Jun 2013 11:26:48 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64273#M884 Ayn 2013-06-14T11:26:48Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64274#M885 <P>I think, that the easiest way to "integrate" a ticketing tool with Splunk ist to set up alerts and trigger a script that will create a ticket in your existing ticketing tool ( via whatever interface the tool offers).There is documentation <A href="http://docs.splunk.com/Documentation/Splunk/5.0.3/Alert/Configuringscriptedalerts"> here</A></P> <P>The Enterprise Security app does have a workflow implemented to deal with the notable events(which are more or less incidents) that are created. Both of those are part of ES though and not available out of the box in a standard Splunk installation. </P> Fri, 14 Jun 2013 11:31:25 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64274#M885 chris 2013-06-14T11:31:25Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64275#M886 <P>I need to set up a forwarder in the ticket tool server . there i need to configure the scripted inputs to get the ticket detials and populate in Splunk.<BR /> Problem here is Ticket Tool domain control is with another stream of business , where they provide access to install UF.</P> Fri, 14 Jun 2013 12:49:13 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64275#M886 chimbudp 2013-06-14T12:49:13Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64276#M887 <P>Without installing forwarder , cant we achieve this?</P> Fri, 14 Jun 2013 12:49:37 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64276#M887 chimbudp 2013-06-14T12:49:37Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64277#M888 <P>Thats cool. But , will i be getting the conf files and other property files ?</P> Fri, 14 Jun 2013 13:05:14 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64277#M888 chimbudp 2013-06-14T13:05:14Z https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64278#M889 <P>Oh, if you want to have ticketing information in Splunk it will depend on the ticketing tool and it's interfaces. If there is an interface that is exposed to the network (REST ... ) you might be able to get the information from a different machine than the ticketing server.</P> Fri, 14 Jun 2013 21:14:19 GMT https://community.splunk.com/t5/Splunk-Dev/Implementing-a-Incident-management-system/m-p/64278#M889 chris 2013-06-14T21:14:19Z