
How to create ticket in Remedy when an alert is triggered?

timyong80
Explorer

Basically, I'd like to have a ticket created whenever an alert is triggered or when Submit button is pressed. The Remedy platform already has an API for this and I tested a POST request (using Postman) based on the required arguments and a ticket would be created successfully.

The alert that I have created works fine (e.g. email sent) but the question is, where and how can I implement that ticketing "arguments" into my Splunk script/alert? I've read about Webhook but not sure how to progress further. Below is a sample of the POST call I made to the Remedy endpoint using Postman.

{
  "Customer": "na\\johndoe",
  "Contact": "",
  "Summary": "Group Removed",
  "Notes": "The Group ABC.LG was removed from Administrator",
  "Priority": "High",
  "Work_Order_Type": "General",
  "Status": "Assigned",
  "Service": "Applications - Shared Platforms",
  "Assignee": "Tom Baker",
  "Group_Assign": "Analysis and Reporting"
}

Any step-by-step guidance would be much appreciated.

0 Karma

richgalloway
SplunkTrust
Check out the Splunk Add-on for BMC Remedy at https://splunkbase.splunk.com/app/3087/
---
If this reply helps you, an upvote would be appreciated.
0 Karma

timyong80
Explorer

Thanks for the suggestion. I would say installing an add-on would be a long process (e.g. justification, approval, etc.) and most likely I won't be able to get it. Is there another way to do this, like via webhook, macro and so on?

0 Karma

richgalloway
SplunkTrust
All of that is done for you by the app. That is your justification. Installing a Splunk app is not like installing a Windows or Linux app. Most Splunk apps are just collections of configuration files so there is little to no risk from installing them.
If you can't get approval to install the app then at least download it to see how it accomplishes the task and then replicate it.
---
If this reply helps you, an upvote would be appreciated.
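
One way to replicate the ticket creation without the add-on, as an added example that is not part of the thread and not the add-on's code: a custom alert action script, which Splunk runs with `--execute` and the alert payload as JSON on stdin. The endpoint URL, the `customer`/`summary`/`notes` action parameters, the `user` result field and the choice of required fields are assumptions; the fixed field values are the ones from the Postman body in the question.

```python
import json
import sys
import urllib.request

# Assumption: placeholder URL; the thread does not give the Remedy endpoint.
REMEDY_URL = "https://remedy.example.invalid/api/workorder"

# Fixed fields copied from the Postman body in the question.
DEFAULTS = {
    "Contact": "", "Priority": "High", "Work_Order_Type": "General",
    "Status": "Assigned", "Service": "Applications - Shared Platforms",
    "Assignee": "Tom Baker", "Group_Assign": "Analysis and Reporting",
}

def build_ticket(payload):
    """Map the alert payload to the Remedy body; parameter names are hypothetical."""
    cfg = payload.get("configuration") or {}   # param.* values of the alert action
    result = payload.get("result") or {}       # first search result row
    ticket = dict(DEFAULTS)
    ticket["Customer"] = cfg.get("customer") or result.get("user") or ""
    ticket["Summary"] = cfg.get("summary") or payload.get("search_name") or ""
    ticket["Notes"] = cfg.get("notes") or json.dumps(result, sort_keys=True)
    # Assumption: treat Customer and Summary as mandatory and fail closed.
    missing = [k for k in ("Customer", "Summary") if not ticket[k]]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    return ticket

def encode_body(ticket):
    # json.dumps escapes backslashes and quotes coming from search results,
    # so "na\johndoe" is sent as "na\\johndoe" like in the Postman sample.
    return json.dumps(ticket).encode("utf-8")

def send_ticket(ticket, url=REMEDY_URL, extra_headers=None):
    headers = {"Content-Type": "application/json"}
    headers.update(extra_headers or {})        # auth header depends on your Remedy setup
    req = urllib.request.Request(url, data=encode_body(ticket), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS is verified by default
        return resp.status

def main(argv, stdin):
    if len(argv) < 2 or argv[1] != "--execute":
        return 1
    try:
        status = send_ticket(build_ticket(json.load(stdin)))
    except (ValueError, OSError) as exc:       # bad payload or HTTP/network failure
        print("remedy ticket not created: %s" % exc, file=sys.stderr)
        return 2
    return 0 if 200 <= status < 300 else 3

if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```
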

qhmassc
Explorer

I have Splunk App for Infrastructure installed. Currently we can create an alert for Splunk App for Infrastructure using one of the following default alert methods: email, VictorOps, Slack and Custom Web-hook. Instead of using these default methods, we want to know if we can use Splunk App for Remedy as an alert action to create a ticket in Remedy? Thanks

0 Karma

richgalloway
SplunkTrust
I don't know the answer, but suspect it is possible. Try it and let us know.
---
If this reply helps you, an upvote would be appreciated.
0 Karma

qhmassc
Explorer

I installed Splunk App for Remedy, but I cannot see Splunk App for Remedy as an alert option for Splunk App for Infrastructure.  

0 Karma

richgalloway
SplunkTrust
Check that the alert actions in Splunk App for Remedy have Global access.
---
If this reply helps you, an upvote would be appreciated.
0 Karma

qhmassc
Explorer

I checked with Manage Apps, and confirmed that Splunk App for Remedy has Global sharing permission.

0 Karma

richgalloway
SplunkTrust

If you go to Settings->Alert Actions and look at the "Sharing" column for the action in question, does it say "Global"?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

qhmassc
Explorer

Yes, it is Global.

0 Karma

richgalloway
SplunkTrust

Sounds like it is not directly usable from another app. Perhaps you can clone the alert action into the desired app.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

qhmassc
Explorer

Thanks!

How can I "close the alert action into the desired app"?

0 Karma

richgalloway
SplunkTrust

Sorry, I mis-typed. I meant to clone the alert action.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

qhmassc
Explorer

Thanks again.

Then how can I clone the alert action to Splunk App for Infrastructure?

0 Karma

richgalloway
SplunkTrust

Since Splunk doesn't provide a "Clone" link for alert actions you have to do it manually.

Edit the alert_actions.conf file in the source app and copy the relevant stanza to the alert_actions.conf file in the destination app. You'll then need to copy the appropriate Python file from the source app to the destination one (the bin directory of each). Do this on your search head(s).

Restart the SHs for the changes to take effect.

Of course, you'll want to review the Python code to see if there are any other dependencies that must be copied.

---
If this reply helps you, an upvote would be appreciated.
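
The dependency review from the last step of this answer can be scripted. The following is an added example, not part of the thread or of any Splunk app: it parses the alert action script with `ast`, follows imports that resolve to files in the source app's bin directory, and reports which of those files are still missing from the destination bin directory. The function names and the file names in the usage are hypothetical.

```python
import ast
from pathlib import Path

def local_dependencies(bin_dir, script_name):
    """Files under bin_dir that script_name imports, directly or transitively."""
    bin_dir = Path(bin_dir)
    start = bin_dir / script_name
    seen, queue = {start}, [start]
    while queue:
        tree = ast.parse(queue.pop().read_text(encoding="utf-8"))
        names = set()
        for node in ast.walk(tree):
            if isinstance(node, ast.Import):
                names.update(a.name for a in node.names)
            elif isinstance(node, ast.ImportFrom) and node.module:
                names.add(node.module)
                # "from pkg import mod" may name a submodule file
                names.update(f"{node.module}.{a.name}" for a in node.names)
        for name in names:
            parts = name.split(".")
            # check every package prefix so pkg/__init__.py is not missed
            for i in range(1, len(parts) + 1):
                rel = bin_dir.joinpath(*parts[:i])
                for cand in (rel.with_suffix(".py"), rel / "__init__.py"):
                    if cand.is_file() and cand not in seen:
                        seen.add(cand)
                        queue.append(cand)
    seen.discard(start)
    return sorted(p.relative_to(bin_dir).as_posix() for p in seen)

def missing_in_destination(src_bin, dst_bin, script_name):
    """Script plus local dependencies that are not yet present in dst_bin."""
    needed = [script_name] + local_dependencies(src_bin, script_name)
    return [f for f in needed if not (Path(dst_bin) / f).is_file()]

if __name__ == "__main__":
    import sys
    # usage: python check_deps.py <source_app>/bin <dest_app>/bin <script>.py
    for path in missing_in_destination(*sys.argv[1:4]):
        print("missing:", path)
```

Only imports that resolve to files under bin are followed; modules loaded from other directories through `sys.path` changes, and relative imports, still need a manual look.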

timyong80
Explorer

Thanks a lot for the suggestion! It is a good way to start and led me to explore Moogsoft, something that we are already using. Using some of the pre-defined fields, a Remedy ticket was able to be created. Thanks again!

0 Karma