
How does integration work between OpsGenie and Splunk? How does the OpsGenie interface read alerts?

danillopavan
Communicator

Hello all,

I am creating some alerts and including the integration with the OpsGenie interface as an action.

The alerts are being generated successfully; however, I would like to customize the SMS and email texts.

I would like to understand how the integration works: do I need to pass some variables to the integration (like results)? How can the OpsGenie interface read my alert results to show the information better?

Thanks and regards,
Danillo Pavan

0 Karma
1 Solution

bcelenk
Explorer

Disclaimer: I'm an employee at OpsGenie 🙂

OpsGenie's custom alert action retrieves the raw payload from Splunk and parses your data to construct rich and informative alerts. You can use dynamic fields to customize alert properties, as well as alert conditions.

Regarding your question, we acquire the data using a similar method to Splunk's Webhook alert action. If you want to develop your own custom action, this document might be helpful: https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/AdvancedDev/CustomAlertConvertScripted

Detailed information can be found in our Splunk Integration: https://docs.opsgenie.com/docs/splunk-integration

Sincerely,
Bener


0 Karma

joshva0894
Observer

Hi @danillopavan

Could you please let me know how you integrated Opsgenie with Splunk?

I wasn't able to paste the API key, which I got from Genie, into Splunk.

Hoping for a quick response.

0 Karma

danillopavan
Communicator

Hello bcelenk,

Thanks for your information. I have already created a customized alert to be sent by the OpsGenie app. I have used the JSON structure to get the values of the result object. Just as a tip, to see the JSON structure sent by Splunk, go to the Logs area on the OpsGenie site and look for the Splunk integration log (called "Received integration Request"). There you can find the JSON structure sent by Splunk and get the field names (under Object>_IncomingData>_httpBodyJson>_configuration>_result).

To configure it, just create a new integration in Advanced mode and input your values in the Alert Fields.

Just one problem that I noted: even when my Splunk alert search brings more than 1 row in the result, the JSON structure just shows the first line of the result. Not sure if this is an issue or if I didn't know how to use it 😞

Thanks!

0 Karma

bcelenk
Explorer

Hi danillopavan,
While configuring OpsGenie as your custom trigger action, please select Per-Result, which is located under Trigger Conditions. After setting the trigger condition as mentioned, you can view each result's data in its own alert. You may find more information about this in the answer: https://answers.splunk.com/answers/373469/how-to-get-splunk-webhook-alert-actions-to-send-en.html

0 Karma
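
An added example, not part of the original thread and not OpsGenie's code: a minimal Splunk custom alert action script showing why only the first row reaches the integration. It assumes the JSON payload described in the custom alert action documentation linked above (`result` holds the first row, `results_file` points to a gzip-compressed CSV of all rows); `all_rows`, `build_message` and the sample data are hypothetical and constructed for illustration.

```python
import csv
import gzip
import json
import os
import sys
import tempfile


def all_rows(payload):
    """Every result row from results_file; else the single 'result' row."""
    path = payload.get("results_file")
    if path and os.path.isfile(path):
        with gzip.open(path, "rt", newline="", encoding="utf-8") as fh:
            return list(csv.DictReader(fh))
    first = payload.get("result")  # the payload itself carries only row one
    return [first] if first else []


def build_message(payload, row):
    """Hypothetical formatter: one alert text per result row."""
    fields = ", ".join(f"{k}={v}" for k, v in sorted(row.items())
                       if not k.startswith("__mv_"))  # skip multivalue helper columns
    return f"[{payload.get('search_name', 'unknown search')}] {fields}"


def demo():
    """Constructed sample: two-row results file, payload carrying only row one."""
    tmp = tempfile.NamedTemporaryFile(suffix=".csv.gz", delete=False)
    tmp.close()
    with gzip.open(tmp.name, "wt", newline="", encoding="utf-8") as fh:
        csv.writer(fh).writerows(
            [["host", "failures"], ["web01", "12"], ["web02", "7"]])
    payload = {"search_name": "Failed logins", "sid": "constructed_sid",
               "results_file": tmp.name,
               "result": {"host": "web01", "failures": "12"},
               "configuration": {}}
    try:
        return [build_message(payload, r) for r in all_rows(payload)]
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    if sys.argv[1:2] == ["--execute"]:  # how Splunk invokes the script
        payload = json.load(sys.stdin)
        for row in all_rows(payload):
            print(build_message(payload, row), file=sys.stderr)
    else:
        print("\n".join(demo()))
```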