Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Implementing a Incident management system

chimbudp
Contributor
‎06-14-2013 03:42 AM

We are planning to implement INCIDENT MANAGEMENT system in Splunk.
For that we need to integrate a ticketing tool with Splunk.
I have seen the Splunk Enterprise Security app which is similar to what we try to implement.
Is there any ideas on this ?

Tags (2)
0 Karma
Reply

chimbudp
Contributor
‎06-14-2013 06:05 AM

Thats cool. But , will i be getting the conf files and other property files ?

0 Karma
Reply

chris
Motivator
‎06-14-2013 04:31 AM

I think, that the easiest way to "integrate" a ticketing tool with Splunk ist to set up alerts and trigger a script that will create a ticket in your existing ticketing tool ( via whatever interface the tool offers).There is documentation here

The Enterprise Security app does have a workflow implemented to deal with the notable events(which are more or less incidents) that are created. Both of those are part of ES though and not available out of the box in a standard Splunk installation.

Reply

chris
Motivator
‎06-14-2013 02:14 PM

Oh, if you want to have ticketing information in Splunk it will depend on the ticketing tool and it's interfaces. If there is an interface that is exposed to the network (REST ... ) you might be able to get the information from a different machine than the ticketing server.

0 Karma
Reply

chimbudp
Contributor
‎06-14-2013 05:49 AM

Without installing forwarder , cant we achieve this?

0 Karma
Reply

chimbudp
Contributor
‎06-14-2013 05:49 AM

I need to set up a forwarder in the ticket tool server . there i need to configure the scripted inputs to get the ticket detials and populate in Splunk.
Problem here is Ticket Tool domain control is with another stream of business , where they provide access to install UF.

0 Karma
Reply

Ayn
Legend
‎06-14-2013 04:26 AM

Get the Enterprise Security app? 😃

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...