Can SCOM 2012 Notification Channels be built to inject subscription alerts into Splunk?

rhendle
Observer

New to Splunk and recently set up a test environment.....

Is it possible to use a SCOM command line channel using a script (not email) to inject alerts into an event management tool (not Splunk)?

  • Our current script uses variables to populate the alert info into the event management tool.
  • We have tons of custom subscriptions in SCOM that target management pack classes but use a common channel to inject into the event management tool.
  • I'm looking to migrate to Splunk and was wondering if anyone has built a channel to inject alerts into Splunk in a similar way, or understands how you may be routing alerts by management pack class vs. building custom alert rules in Splunk.

Interested in hearing how others might be using SCOM Channels/Subscriptions into Splunk!!
Thank you!

0 Karma

rhendle
Observer

FYI - Resolved this issue by using PowerShell to inject events into HEC (HTTP Event Collector)

0 Karma

rhendle
Observer

FYI - I ended up figuring this out. Not sure if there is any interest but happy to document an example if there is anyone else trying to figure it out!

0 Karma