Basically, I'd like to have a ticket created whenever an alert is triggered or when the Submit button is pressed. The Remedy platform already has an API for this, and I tested a POST request (using Postman) based on the required arguments; a ticket was created successfully.
The alert that I have created works fine (e.g. an email is sent), but the question is: where and how can I implement those ticketing "arguments" in my Splunk script/alert? I've read about webhooks but am not sure how to progress further. Below is a sample of the POST call I made to the Remedy endpoint using Postman.
{
    "Customer": "na\\johndoe",
    "Contact": "",
    "Summary": "Group Removed",
    "Notes": "The Group ABC.LG was removed from Administrator",
    "Priority": "High",
    "Work_Order_Type": "General",
    "Status": "Assigned",
    "Service": "Applications - Shared Platforms",
    "Assignee": "Tom Baker",
    "Group_Assign": "Analysis and Reporting"
}
Any step-by-step guidance would be much appreciated.
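A custom alert action is the usual place to wire the POST body above into a Splunk alert. The script below is an added example, not code from this thread, Splunk or BMC: it is the kind of file that sits in an app's bin directory and is named by an alert_actions.conf stanza. The Remedy field names are the ones in the question; the endpoint URL, the remedy_url/remedy_token parameter names and the AR-JWT header are assumptions.

```python
"""Splunk custom alert action that opens a Remedy work order (added example).
Splunk runs the script as `remedy_ticket.py --execute` and writes one JSON document
to stdin with `configuration` (the action's params), `result` (first matching
row), `search_name` and `sid`. Field names follow the question; URL/token/AR-JWT are assumed."""
import json
import sys
import urllib.request

MAX_NOTES = 2000  # cap free text copied from search results into the ticket
# Constructed sample of what Splunk writes to stdin, for offline testing.
SAMPLE_ALERT = {
    "sid": "scheduler__admin__search_at_1700000000_1", "search_name": "Group Removed",
    "configuration": {"customer": "na\\johndoe", "assignee": "Tom Baker",
                      "service": "Applications - Shared Platforms",
                      "group_assign": "Analysis and Reporting"},
    "result": {"notes": "The Group ABC.LG was removed from Administrator"},
}

def build_remedy_payload(alert):
    """Map the Splunk alert payload onto the Remedy POST body from the question."""
    conf, row = alert.get("configuration", {}), alert.get("result", {})
    summary = row.get("summary") or alert.get("search_name", "Splunk alert")
    notes = row.get("notes") or json.dumps(row, sort_keys=True)  # raw log text: cap it
    return {
        "Customer": conf.get("customer", ""),
        "Contact": conf.get("contact", ""),
        "Summary": summary[:255],
        "Notes": notes[:MAX_NOTES] + " [sid=%s]" % alert.get("sid", ""),
        "Priority": conf.get("priority", "High"),
        "Work_Order_Type": "General",
        "Status": "Assigned",
        "Service": conf.get("service", ""),
        "Assignee": conf.get("assignee", ""),
        "Group_Assign": conf.get("group_assign", ""),
    }

def create_ticket(url, token, payload, opener=urllib.request.urlopen):
    """POST the body to Remedy; urllib verifies the TLS certificate by default."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "AR-JWT " + token})
    with opener(req, timeout=15) as resp:
        return resp.status

if __name__ == "__main__" and "--execute" in sys.argv:  # how Splunk invokes it
    alert = json.load(sys.stdin)
    conf = alert["configuration"]  # remedy_url/remedy_token: assumed param names
    status = create_ticket(conf["remedy_url"], conf["remedy_token"], build_remedy_payload(alert))
    sys.stderr.write("Remedy responded %s\n" % status)
```

The token should come from the action's configuration (or Splunk's stored credentials), never from the script source, and the Notes field is capped because it carries raw search-result text.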
Hi Roy99,
Could you please let me know where I have to pass the parameters or payload details that are being passed to HPD:ServiceInterface?
Thanks..!!
Thanks for the suggestion. I would say installing an add-on would be a long process (e.g. justification, approval, etc.) and most likely won't be possible. Is there another way to do this, like via a webhook, macro and so on?
I have Splunk App for Infrastructure installed. Currently we can create an alert for Splunk App for Infrastructure using one of the following default alert methods: email, VictorOps, Slack and Custom Webhook. Instead of using these default methods, we want to know if we can use Splunk App for Remedy as an alert action to create a ticket in Remedy. Thanks
I installed Splunk App for Remedy, but I cannot see Splunk App for Remedy as an alert option for Splunk App for Infrastructure.
I checked with Manage Apps, and confirmed that Splunk App for Remedy has Global sharing permission.
If you go to Settings->Alert Actions and look at the "Sharing" column for the action in question, does it say "Global"?
Yes, it is Global.
Sounds like it is not directly usable from another app. Perhaps you can clone the alert action into the desired app.
Thanks!
How can I "close the alert action into the desired app" ?
Sorry, I mis-typed. I meant to clone the alert action.
Thanks again.
Then how can I clone the alert action to Splunk App for Infrastructure?
Since Splunk doesn't provide a "Clone" link for alert actions you have to do it manually.
Edit the alert_actions.conf file in the source app and copy the relevant stanza to the alert_actions.conf file in the destination app. You'll then need to copy the appropriate Python file from the source app to the destination one (the bin directory of each). Do this on your search head(s).
Restart the SHs for the changes to take effect.
Of course, you'll want to review the Python code to see if there are any other dependencies that must be copied.
Thanks a lot for the suggestion! It is a good way to start and led me to explore Moogsoft, something that we are already using. Using some of the pre-defined fields, a Remedy ticket was able to be created. Thanks again!