Splunk Integration

The Splunk integration captures alerts from scheduled searches or log monitors and delivers them to on-call responders via ilert. By forwarding relevant technical alerts, your team can rapidly investigate critical events and reduce time to resolution based on log context.

In ilert: Create a Splunk alert source

1. Go to Alert sources --> Alert sources and click on Create new alert source

   
2. Search for Splunk in the search field, click on the Splunk tile and click on Next.

   
3. Give your alert source a name, optionally assign teams and click Next.

4. Select an escalation policy by creating a new one or assigning an existing one.

   
5. Select you Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

   
6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on Finish setup for now.

7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   

In Splunk: Create a search

1. Go to Splunk and then to Search & Reporting. Create a search for which you’d like to create an alert.

1. Click on Save As and then on Alert to add an alert

1. On the modal window name the alert e.g. iLert, choose Webhook in the When triggered section and **paste the Webhook URL that you generated in ilert and click on Save**

1. Finished! Your Splunk alerts will now create alerts in ilert.

FAQ

Will alerts in ilert be resolved automatically?

No, unfortunately Splunk alerts do not fire resolve events.

Can I connect Splunk with multiple alert sources from ilert?

Yes, simply create more action sequences in Splunk.