
Installation & setup guide is not available for Service Manager Integration Add-on

Anirban92Chakra
New Member

There are very few details available on this application. Also, the setup page didn't come up once I installed this. Also, please provide some documentation if available.


iamarkaprabha
Contributor

Hi,

Below is the installation guide mentioned in the add-on:

- This add-on should be installed on Search Head nodes.
- Drop this bad boy into $SPLUNK_HOME/etc/apps or download it from the GUI, etc.
- Use the Setup to establish global SM Connection and Credential Parameters, and set the
  Field Captions as exposed in SM's RESTful API.
  - You'll need to talk to your SM administrator to get a user/pass for the API.
    - The user must have the "RESTful API" capability word and rights to create Incident records.
  - Default captions are suggested, based on an out-of-box v9.52 Service Manager API.
  - The out-of-box v9.52 probsummary extaccess record still captions Subcategory and
    Area respectively as Area and Subarea, even though the Incident screen labels them
    as Subcategory and Area. For consistency, it is recommended that the Service Manager
    Administrator re-caption these in the probsummary extaccess record.
- That's it! The add-on is installed!
- Now, when you or your users are creating alerts which will generate SM Incident
  tickets, you can select which values will go into which fields.
  - These can be the same values for all alerts, or separate values - as you please, but in
    this release they will need to be re-entered for each alert if you choose the former.

- Deploy to Distributed Search Head Cluster:
  You'll need to set the SM operator password on each node. Sorry about that, but since this
  add-on uses the storage/passwords API to encrypt the SM operator password, it is what it is.
  You can set every other global parameter in the Setup, and then only have to set the
  password on each node, though.

Please note that this is an add-on and you will be able to view it in the alert action.

Anirban92Chakra
New Member

I need some more details, like whether this can also close incidents. Also, on the authentication part, it needs to be more specific about the user that can access HPSM using the REST API.
