Splunk ITSI
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

ITSI Webhook Integration

Kaitsu
Explorer
‎03-26-2026 11:27 PM

Hi everyone,

I’m currently working on a new Splunk deployment, migrating from a different event management tool to Splunk 10.0.2 and ITSI 4.21.1. We are running a Search Head Cluster (SHC) with three members.

As I’m still relatively new to Splunk, I wanted to check if I’ve missed a configuration step: I noticed that a Webhook (ITSI Data integrations/Integrations library/Webhooks)
I configured on one member isn't visible on the other two members of the cluster.

Shouldn't these configurations sync automatically across the SHC, or is there a specific step I need to take to replicate Webhook settings in ITSI?

Thanks in advance for the help!





Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kknairr
Communicator
‎03-28-2026 11:29 AM

@Kaitsu Webhook integrations in ITSI do not automatically sync across Search Head Cluster members unless they are created via the deployer. What you are seeing is expected if the webhook was configured locally on one node. The correct approach is to configure integrations via the deployer, so they propagate to all SHC members.

Refer this doc:

Install IT Service Intelligence in a search head cluster environment | Splunk Cloud Platform, Splunk...

>>

If this post addressed your question, you can:

  • Give it karma to show appreciation 👍
  • Mark it as the solution if it solved your issue ✔️
  • Add a comment if you’d like more details ✏️

Acknowledging helpful answers keeps the community strong and motivates contributors to continue sharing their expertise.

>>

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Kaitsu
Explorer
‎03-30-2026 10:11 PM
Thanks for the replies. I’ll will do the configuration via the Deployer.



0 Karma
Reply
Solved! Jump to solution

kknairr
Communicator
‎03-31-2026 10:13 AM

@Kaitsu You're welcome. Let us know if you face any further issues. Thank you.

0 Karma
Reply
Solved! Jump to solution

livehybrid
SplunkTrust
SplunkTrust
‎03-29-2026 02:35 PM

Hi @kknairr I dont think that is strictly true? Im sure Ive seen ITSI Webhooks from the Integrations Library which have been created in the GUI and synced themselves between members of the SHC just like many other ITSI configs?

I cant see anything in the referenced docs relating to this either, its true when first deploying ITSI to the SHC you would use the deployer (+ perhaps manual conf changes) but not sure about making UI changes directly on the captain only?

Also 'unless they are created on the cluster captain and replicated via the deployer' are two conflicting actions? 

Please could you clarify?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply
Solved! Jump to solution

kknairr
Communicator
‎03-30-2026 10:41 AM

@livehybrid / @PickleRick I meant pushing via deployer only. Updating in captain node also won't help in this case. Thanks for pointing it out.

0 Karma
Reply
Solved! Jump to solution
Solution

kknairr
Communicator
‎03-28-2026 11:29 AM

@Kaitsu Webhook integrations in ITSI do not automatically sync across Search Head Cluster members unless they are created via the deployer. What you are seeing is expected if the webhook was configured locally on one node. The correct approach is to configure integrations via the deployer, so they propagate to all SHC members.

Refer this doc:

Install IT Service Intelligence in a search head cluster environment | Splunk Cloud Platform, Splunk...

>>

If this post addressed your question, you can:

  • Give it karma to show appreciation 👍
  • Mark it as the solution if it solved your issue ✔️
  • Add a comment if you’d like more details ✏️

Acknowledging helpful answers keeps the community strong and motivates contributors to continue sharing their expertise.

>>

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎03-30-2026 01:21 AM

Cluster captaincy doesn't have anything to do with deploying apps!

A user normally doesn't even know what and where the captain is.

Anyway, normally the config is either defined as an app on the _deployer_ and pushed to the SHC members or config elements are set using REST API (which WebUI uses as well) and are then replicated using clustering mechanisms to all SHC members.

I don't think ITSI as such introduces any limitations to the normal SH clustering management operations.

So the thing you _don't_ want to do is define configuration entries _by means of directly editing config files_ on a single SHC member. Those might not be replicated to other peers and might get overwritten with settings from other peers.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...