- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I am creating some alerts and including as action the integration with OpsGenie interface.
The alerts are being generated succesfully, however I would like to customize the SMS and email texts.
I would like to understand how the integration works: I need to pass some variables to the integrations (iike results)? How the OpsGenie interface can read my alerts results to show better the information?
Thanks and regards,
Danillo Pavan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disclaimer: I'm an employee at OpsGenie 🙂
OpsGenie's custom alert action retrieves the raw payload from the Splunk and parses your data to construct rich and informative alerts. You can use dynamic fields to customize alert properties, as well as alert conditions.
Regarding your question, we acquire the data using a similar method to Splunk's Webhook alert action. If you want to develop your own custom action, this document might be helpful:https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/AdvancedDev/CustomAlertConvertScripted
Detailed information could be found in our Splunk Integration:https://docs.opsgenie.com/docs/splunk-integration
Sincerely,
Bener
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @danillopavan
Could you please let me know, How did you integrated Opsgenie with Splunk ??
I couldn't able to paste the API key in Splunk, which i got from Genie
Hope a quick response
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disclaimer: I'm an employee at OpsGenie 🙂
OpsGenie's custom alert action retrieves the raw payload from the Splunk and parses your data to construct rich and informative alerts. You can use dynamic fields to customize alert properties, as well as alert conditions.
Regarding your question, we acquire the data using a similar method to Splunk's Webhook alert action. If you want to develop your own custom action, this document might be helpful:https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/AdvancedDev/CustomAlertConvertScripted
Detailed information could be found in our Splunk Integration:https://docs.opsgenie.com/docs/splunk-integration
Sincerely,
Bener
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello bcelenk,
Thanks for your information. I have already created a customized alert to be sent by OpsGenie app. I have used the JSON structure to get the values of the result object. Just as tip to see the JSON structure sent by SPLUNK, go to LOGs are in OpsGenie site, and look for the Splunk integration log (called as Received integration Request). There you can find the JSON structure sent by SPLUNK and get the fields names (under Object>_IncomingData>_httpBodyJson>_configuration>_result
To configure just create an new integration in Advanced mode and input your values in the Alert Fields.
Just a problem that I noted, even my Splunk alert search bring more than 1 raw in result, the JSON structure just show the first line of the result. Not sure if this is an issue or if I didnt know how to use it 😞
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi danillopavan,
While configuring the OpsGenie as your custom trigger action: Please select Per-Result which is located under Trigger Conditions. After setting the trigger condition as mentioned, you could view each result's data in their own alert. You may find more information about this in the answer: https://answers.splunk.com/answers/373469/how-to-get-splunk-webhook-alert-actions-to-send-en.html
