Splunk

Splunk delivers operational intelligence software that monitors, reports, and analyzes real-time machine data.

When events meet predetermined criteria, this integration relays critical Splunk alert data to the correct people and systems to help coordinate and resolve incidents faster.

Do more with this integration

Incorporate this integration into your orchestrated incident resolution workflows with Flow Designer. After you create a configuration, the Flows tab appears. From there, you can build your flows — add new response options, connect to other apps, or even create new xMatters alerts based on activities in the flow — enriching the information injected by this integration along the way.

Flow Designer also includes a built-in Splunk trigger so you can automatically initiate flows when Splunk sends an alert to xMatters.

Get all your questions on integrating with Splunk answered — take a live, online workshop led by one of our xPerts.

Get started with Splunk

 

You can find information on using our app with Splunk IT Service Intelligence here.

How to set up a Splunk configuration

After you give your configuration a name and description, type a name to use when sending alerts (so you can easily tell which configuration or integration the alerts are from).

 

Once you save the configuration, xMatters displays the settings you need to configure Splunk:

You can now install the xMatters app from Splunkbase into your Splunk instance and, during installation, paste the provided URL into the Inbound Integration URL field. Then you just need to restart your Splunk instance, and you can start sending notable events to xMatters.

Be sure to select the xMatters app in Splunkbase, and NOT the xMatters Actionable Alerts for Splunk ITSI app.

You can now create Alert-type searches that automatically forward the details to xMatters whenever they are triggered.

Troubleshooting

"Cannot find credential information" errors

You may encounter the following error message when configuring a connection from the xMatters app to Splunk:

ERROR: Delete user failed, cannot find the credential information with id : credential::xmatters_password:

This is due to a failed operation after the credential data is delivered. To resolve this issue, follow the direction in the support article here.

Extending your integration

Looking to do more with xMatters and Splunk? If you want to tailor the settings and notifications for the integration, you can convert it to a custom workflow.