Here is the PagerDuty online guide, but step 5 is incorrect within the Splunk section. The Integration URL is just the unique Integration Key, not the Integration URL that PagerDuty provides. Had the same problem.
This search will show the PagerDuty Alert logs:
index=_internal action=pagerduty source!="/opt/splunk/var/log/splunk/splunkd_ui_access.log" source!="/opt/splunk/var/log/splunk/web_access.log" source!="/opt/splunk/var/log/splunk/remote_searches.log"
Can I get confirmation that:
Step 5 of PagerDuty's integration guide is incorrect. Instead of entering the URL provided by PagerDuty/Configuration/Services/Splunk Alerts/Splunk, use JUST the integration key from the same screen.
Inside the Splunk alert, I add PagerDuty as the trigger action and include the KEY, not the URL.
Are there any considerations for the install in a distributed environment with primary and secondary search heads/clustered indexing? Does this just get installed on the search head? We push our apps via the deployment server.