With the ilert Splunk integration, you can create alerts in ilert based on Splunk alerts.
- 1. Go to Alert sources --> Alert sources and click on Create new alert source.
- 2. Search for Splunk in the search field, click on the Splunk tile and click on Next.
- 3. Give your alert source a name, optionally assign teams and click Next.
- 4. Select an escalation policy by creating a new one or assigning an existing one.
- 5. Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
- 6. The next page shows additional settings such as custom alert templates or notification priority. Click on Finish setup for now.
- 7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.
- 1. Go to Splunk and then to Search & Reporting. Create a search for which you'd like to create an alert.
- 2. Click on Save As and then on Alert to add an alert.
- 3. In the modal window, name the alert (e.g. iLert), choose Webhook in the When triggered section, **paste the Webhook URL that you generated in ilert and click on Save**.
- 4. Finished! Your Splunk alerts will now create alerts in ilert.
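To smoke-test the alert source before relying on a real search, the following added example (not code from ilert or Splunk) builds a JSON body with the field names used by Splunk's built-in webhook alert action and posts it to the webhook URL. The environment variable name `ILERT_WEBHOOK_URL` and all sample values are assumptions; because the URL is the only thing Splunk is given to create alerts, the script refuses plain HTTP and never prints the full URL.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit


def build_payload(search_name, result):
    """Body shaped like Splunk's webhook alert action; all values are constructed."""
    return {
        "sid": "scheduler__admin__search__constructed_sid",
        "search_name": search_name,
        "app": "search",
        "owner": "admin",
        "results_link": "https://splunk.example.invalid/app/search/@go?sid=constructed",
        "result": result,  # first row of the search results; no field signals recovery
    }


def require_https(url):
    """Reject URLs that would send the webhook URL and alert data in clear text."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be an https:// URL")
    return url


def redact(url):
    """Log-safe form of the webhook URL: scheme and host only."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/<redacted>"


def send_test_alert(url, payload, timeout=10):
    """POST the payload as JSON and return the HTTP status code."""
    req = urllib.request.Request(
        require_https(url),
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    url = os.environ["ILERT_WEBHOOK_URL"]  # hypothetical variable; keep the URL out of source control
    body = build_payload("iLert", {"host": "web-01", "count": "42"})  # constructed sample row
    print("POST", redact(url), "->", send_test_alert(url, body))
```

Store the webhook URL like any other credential: if it leaks, replace it in the Splunk alert with a URL from a newly created alert source.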
Will alerts in ilert be resolved automatically?
No, unfortunately Splunk alerts do not fire resolve events.
Can I connect Splunk with multiple alert sources from ilert?
Yes, simply create more action sequences in Splunk.