All Apps and Add-ons

Installation & setup guide is not available for Service Manager Integration Add-on

Anirban92Chakra
New Member

There is very less details available on this application. Also the setup page didn't came once I install this. Also please provide some document if available.

0 Karma
1 Solution

iamarkaprabha
Contributor

Hi ,

Below the installation guide mentioned in the addon

- This add-on should be installed on Search Head nodes.
- Drop this bad boy into $SPLUNK_HOME/etc/apps or download from it from the GUI, etc.
- Use the Setup to establish global SM Connection and Credential Parameters, and set the
  Field Captions as exposed in SM's RESTful API.
  - You'll need to talk to your SM administrator to get a user/pass for the API.
    - The user must have the "RESTful API" capability word and rights to create Incident records.
  - Default captions are suggested, based on an out-of-box v9.52 Service Manager API.
  - The out-of-box v9.52 probsummary extaccess record still captions Subcategory and
    Area respectively as Area and Subarea, even though the Incident screen labels them
    as Subcategory and Area. For consistency, it is recommended that the Service Manager
    Administrator re-caption these in the probsummary extaccess record.
- That's it! The add-on is installed!
- Now, when you or your users are creating alerts which will generate SM Incident
  tickets, you can select which values will go into which fields.
  - These can be the same values for all alerts, or separate values - as you please, but in
    this release they will need to be re-entered for each alert if you choose the former.

- Deploy to Distributed Search Head Cluster:
  You'll need to set the SM operator password on each node. Sorry about that, but since this
  add-on uses the storage/passwords API to encrypt the SM operator password, it is what it is.
  You can set every other global parameter in the Setup, and then only have to set the
  password on each node, though.

Please note that this is an addon and you will be able to view it in the alert action

View solution in original post

iamarkaprabha
Contributor

Hi ,

Below the installation guide mentioned in the addon

- This add-on should be installed on Search Head nodes.
- Drop this bad boy into $SPLUNK_HOME/etc/apps or download from it from the GUI, etc.
- Use the Setup to establish global SM Connection and Credential Parameters, and set the
  Field Captions as exposed in SM's RESTful API.
  - You'll need to talk to your SM administrator to get a user/pass for the API.
    - The user must have the "RESTful API" capability word and rights to create Incident records.
  - Default captions are suggested, based on an out-of-box v9.52 Service Manager API.
  - The out-of-box v9.52 probsummary extaccess record still captions Subcategory and
    Area respectively as Area and Subarea, even though the Incident screen labels them
    as Subcategory and Area. For consistency, it is recommended that the Service Manager
    Administrator re-caption these in the probsummary extaccess record.
- That's it! The add-on is installed!
- Now, when you or your users are creating alerts which will generate SM Incident
  tickets, you can select which values will go into which fields.
  - These can be the same values for all alerts, or separate values - as you please, but in
    this release they will need to be re-entered for each alert if you choose the former.

- Deploy to Distributed Search Head Cluster:
  You'll need to set the SM operator password on each node. Sorry about that, but since this
  add-on uses the storage/passwords API to encrypt the SM operator password, it is what it is.
  You can set every other global parameter in the Setup, and then only have to set the
  password on each node, though.

Please note that this is an addon and you will be able to view it in the alert action

Anirban92Chakra
New Member

I need some more details like if this can close incident also. Also from authentication part, needs to be more specific about the user that can access the HPSM using rest api

0 Karma
Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...