How to create ticket in Remedy when an alert is triggered?

timyong80
Explorer

Basically, I'd like to have a ticket created whenever an alert is triggered or when Submit button is pressed. The Remedy platform already has an API for this and I tested a POST request (using Postman) based on the required arguments and a ticket would be created successfully.

The alert that I have created works fine (e.g. email sent) but the question is, where and how can I implement that ticketing "arguments" into my Splunk script/alert? I've read about Webhook but not sure how to progress further. Below is a sample of the POST call I made to the Remedy endpoint using Postman.

{
  "Customer": "na\\johndoe",
  "Contact": "",
  "Summary": "Group Removed",
  "Notes": "The Group ABC.LG was removed from Administrator",
  "Priority": "High",
  "Work_Order_Type": "General",
  "Status": "Assigned",
  "Service": "Applications - Shared Platforms",
  "Assignee": "Tom Baker",
  "Group_Assign": "Analysis and Reporting"
}

Any step-by-step guidance would be much appreciated.

0 Karma

nisha_sh
Loves-to-Learn Everything

Hi Roy99,

Could you please let me know where I have to pass the parameters or payload details that are passed to HPD:ServiceInterface.

Thanks..!!

0 Karma

richgalloway
SplunkTrust
Check out the Splunk Add-on for BMC Remedy at https://splunkbase.splunk.com/app/3087/
---
If this reply helps you, Karma would be appreciated.
0 Karma

timyong80
Explorer

Thanks for the suggestion. I would say installing an add-on would be a long process (e.g. justification, approval, etc.) and I most likely won't be able to get it. Is there another way to do this, like via webhook, macro and so on?

0 Karma

richgalloway
SplunkTrust
All of that is done for you by the app. That is your justification. Installing a Splunk app is not like installing a Windows or Linux app. Most Splunk apps are just collections of configuration files so there is little to no risk from installing them.
If you can't get approval to install the app then at least download it to see how it accomplishes the task and then replicate it.

qhmassc
Explorer

I have Splunk App for Infrastructure installed. Currently we can create an alert for Splunk App for Infrastructure using one of the following default alert methods: email, VictorOps, Slack and Custom Web-hook. Instead of using these default methods, we want to know if we can use Splunk App for Remedy as an alert action to create a ticket in Remedy? Thanks

0 Karma

richgalloway
SplunkTrust
I don't know the answer, but suspect it is possible. Try it and let us know.
0 Karma

qhmassc
Explorer

I installed Splunk App for Remedy, but I cannot see Splunk App for Remedy as an alert option for Splunk App for Infrastructure.  

0 Karma

richgalloway
SplunkTrust
Check that the alert actions in Splunk App for Remedy have Global access.
0 Karma

qhmassc
Explorer

I checked with Manage Apps, and confirmed that Splunk App for Remedy has Global sharing permission.

0 Karma

richgalloway
SplunkTrust

If you go to Settings->Alert Actions and look at the "Sharing" column for the action in question, does it say "Global"?

0 Karma

qhmassc
Explorer

Yes, it is Global.

0 Karma

richgalloway
SplunkTrust

Sounds like it is not directly usable from another app.  Perhaps you can clone the alert action into the desired app.

0 Karma

qhmassc
Explorer

Thanks!

How can I "close the alert action into the desired app"?

0 Karma

richgalloway
SplunkTrust

Sorry, I mis-typed.  I meant to clone the alert action.

0 Karma

qhmassc
Explorer

Thanks again.

Then how can I clone the alert action to Splunk App for Infrastructure?

0 Karma

richgalloway
SplunkTrust

Since Splunk doesn't provide a "Clone" link for alert actions you have to do it manually.

Edit the alert_actions.conf file in the source app and copy the relevant stanza to the alert_actions.conf file in the destination app.  You'll then need to copy the appropriate Python file from the source app to the destination one (the bin directory of each).  Do this on your search head(s).

Restart the SHs for the changes to take effect.

Of course, you'll want to review the Python code to see if there are any other dependencies that must be copied.

---
If this reply helps you, Karma would be appreciated.
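
For readers following the thread, here is an added sketch of the kind of Python file that sits in an alert action's bin directory. It is not part of the original posts and is not the Splunk Add-on's code. It maps the JSON payload Splunk passes on stdin to the Remedy body shown in the question; the `customer`, `url` and `token` parameters, the `message` result field, the length limits and the Authorization header format are assumptions.

```python
import json
import sys
import urllib.request
from urllib.parse import urlparse

# Static routing fields copied from the Postman sample in the question.
DEFAULTS = {
    "Contact": "", "Priority": "High", "Work_Order_Type": "General",
    "Status": "Assigned", "Service": "Applications - Shared Platforms",
    "Assignee": "Tom Baker", "Group_Assign": "Analysis and Reporting",
}

def build_ticket(alert):
    """Map Splunk's alert payload (JSON on stdin) to the Remedy request body."""
    cfg = alert.get("configuration", {})   # param.* values of the alert action
    result = alert.get("result", {})       # first result row of the search
    ticket = dict(DEFAULTS)
    ticket["Customer"] = cfg["customer"]   # hypothetical parameter name
    # Constructed length limits: the values originate in indexed events, so
    # treat them as untrusted text and bound them; json.dumps does the escaping.
    ticket["Summary"] = str(alert.get("search_name", "Splunk alert"))[:100]
    ticket["Notes"] = str(result.get("message", ""))[:1000]  # hypothetical field
    return ticket

def build_request(url, ticket, token):
    """Build the POST; refuse plain HTTP so the credential is never sent in clear."""
    if urlparse(url).scheme != "https":
        raise ValueError("Remedy endpoint must use https")
    body = json.dumps(ticket).encode("utf-8")
    headers = {"Content-Type": "application/json", "Authorization": token}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def main():
    alert = json.load(sys.stdin)
    cfg = alert["configuration"]
    # Assumption: the token arrives as an action parameter. Prefer Splunk's
    # credential store over a clear-text value in alert_actions.conf.
    req = build_request(cfg["url"], build_ticket(alert), cfg["token"])
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verified by default
        print("Remedy responded", resp.status, file=sys.stderr)

# Splunk runs custom alert action scripts with "--execute" as the first argument.
if __name__ == "__main__" and len(sys.argv) > 1 and sys.argv[1] == "--execute":
    main()
```
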

timyong80
Explorer

Thanks a lot for the suggestion! It is a good way to start and led me to explore Moogsoft, something that we are already using. Using some of the pre-defined fields, a Remedy ticket was able to be created. Thanks again!

0 Karma