Splunk On-Call (VictorOps)

Use the Splunk On-Call integration to triage alerts and remediate them automatically.

Overview

This integration is intended for customers who have Splunk On-Call set up as the primary alerting and on-call management system.

Use Cases

The integration between Fylamynt and Splunk On-Call lets you:

  • Get the list of services offered by Splunk On-Call from which to ingest alerts.

  • Run remediation/enrichment workflows in Fylamynt when an alert is triggered.

Configure Splunk On-Call in Fylamynt

  • Navigate to Settings > Integrations > Splunk On-Call (VictorOps).

  • Click Add integration to create and configure a new integration instance.

Details needed to set up a Splunk On-Call (VictorOps) instance in Fylamynt:

  Parameter              Required
  ---------------------  --------
  API ID                 True
  API Key                True
  Webhook API Key Name   True

The webhook is used to fetch alerts from Splunk On-Call (VictorOps) in real time. You can also enable or disable the Splunk On-Call (VictorOps) webhook.

Follow the steps listed below in your Splunk On-Call (VictorOps) account to obtain the parameters to enter in Fylamynt.

  1. In your Splunk On-Call account, go to "Integrations" --> "API".

  • Click "Activate API" if API access is OFF; otherwise copy the available API ID and API Key.

  • Add the API ID and API Key to the "Authorize Fylamynt" panel.

  2. Now set up the Splunk On-Call to Fylamynt outgoing webhook from "Integrations" --> "Outgoing Webhook".

  "Add Webhook" with the details below:

  • Event: select "Incident-Triggered" from the dropdown

  • Method: POST

  • Content Type: application/json

  • Custom Headers: Key: x-api-key, Value: the "Webhook API Key Value" from the right-side panel

  • To: copy the webhook URL from "Webhook URL" in the right-side panel

  • Payload: copy the JSON below into the Payload section

{
"INCIDENT.INCIDENT_ID": "${{INCIDENT.INCIDENT_ID}}",
"INCIDENT.INCIDENT_NAME": "${{INCIDENT.INCIDENT_NAME}}",
"INCIDENT.CURRENT_PHASE": "${{INCIDENT.CURRENT_PHASE}}",
"INCIDENT.ENTITY_TYPE": "${{INCIDENT.ENTITY_TYPE}}",
"INCIDENT.SERVICE": "${{INCIDENT.SERVICE}}",
"INCIDENT.ENTITY_STATE": "${{INCIDENT.ENTITY_STATE}}",
"INCIDENT.POLICIES_PAGED.0.POLICY.NAME": "${{INCIDENT.POLICIES_PAGED.0.POLICY.NAME}}",
"INCIDENT.POLICIES_PAGED.0.TEAM.NAME": "${{INCIDENT.POLICIES_PAGED.0.TEAM.NAME}}",
"INCIDENT.MONITOR_TYPE": "${{INCIDENT.MONITOR_TYPE}}",
"INCIDENT.MONITOR_NAME": "${{INCIDENT.MONITOR_NAME}}"
}

Instructions to get the Fylamynt "Webhook API Key Value": under Authorize Fylamynt, choose one of the Webhook API Key Names from the dropdown; the corresponding Webhook API Key Value is then shown. If no options are available for the Webhook API Key Name, first go to Settings --> API Keys --> Manage Keys to create a new API key.
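As an added example (not Fylamynt's or Splunk's own code), this is how a receiving endpoint would authenticate the outgoing webhook configured above by its x-api-key header and normalise the posted payload into the field names the Splunk_On_Call Alert node reports. The key-to-field mapping, the function names and the sample request are assumptions.

```python
import hmac
import json

# Assumed mapping from the payload keys configured above to the output fields
# of the Splunk_On_Call Alert node (my assumption, not Fylamynt's own code).
PAYLOAD_TO_OUTPUT = {
    "INCIDENT.INCIDENT_ID": "id",
    "INCIDENT.INCIDENT_NAME": "name",
    "INCIDENT.CURRENT_PHASE": "current_phase",
    "INCIDENT.ENTITY_TYPE": "entity_type",
    "INCIDENT.SERVICE": "service",
    "INCIDENT.ENTITY_STATE": "entity_state",
    "INCIDENT.POLICIES_PAGED.0.POLICY.NAME": "policy_name",
    "INCIDENT.POLICIES_PAGED.0.TEAM.NAME": "team_name",
    "INCIDENT.MONITOR_TYPE": "monitor_type",
    "INCIDENT.MONITOR_NAME": "monitor_name",
}

def check_api_key(headers, expected_key):
    # Header names are case-insensitive; compare the secret in constant time.
    presented = next((v for k, v in headers.items() if k.lower() == "x-api-key"), "")
    return hmac.compare_digest(presented.encode(), expected_key.encode())

def parse_incident(body):
    # Normalise the payload into the Alert node's output fields; None on bad input.
    try:
        payload = json.loads(body)
    except ValueError:
        return None
    if not isinstance(payload, dict):
        return None
    incident = {out: payload.get(src) for src, out in PAYLOAD_TO_OUTPUT.items()}
    return incident if incident["id"] else None

def matches_trigger(incident, team_name, escalation_policy):
    # Mirror the Alert node's selection of team and escalation policy.
    return (incident.get("team_name") == team_name
            and incident.get("policy_name") == escalation_policy)

# Constructed sample request shaped like the Outgoing Webhook configured above.
SAMPLE_HEADERS = {"Content-Type": "application/json", "X-Api-Key": "example-key"}
SAMPLE_BODY = json.dumps({
    "INCIDENT.INCIDENT_ID": "1042",
    "INCIDENT.INCIDENT_NAME": "High CPU on web-01",
    "INCIDENT.CURRENT_PHASE": "UNACKED",
    "INCIDENT.ENTITY_STATE": "CRITICAL",
    "INCIDENT.POLICIES_PAGED.0.POLICY.NAME": "Primary",
    "INCIDENT.POLICIES_PAGED.0.TEAM.NAME": "SRE",
}).encode()
```

Fields absent from the posted payload (here INCIDENT.SERVICE and the monitor fields) come back as None, so a workflow should not assume every output field is populated.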

Integration Actions

You can add these actions in the Fylamynt workflow builder as part of your workflow.

1. Splunk_On_Call Alert

Integration node to trigger a workflow with a selected Splunk On-Call team and escalation policy

Input

  Parameter Name      Description                                                            Required
  ------------------  ---------------------------------------------------------------------  --------
  team_name           Select a Splunk On-Call team name                                      True
  escalation_policy   Select a Splunk On-Call escalation policy to fetch alerts in Fylamynt  True

Output

  Parameter Name   Type     Description
  ---------------  -------  -----------------------------------------
  output           Object   JSON of the incoming Splunk On-Call alert
  id               String   Central identifier for the incident
  name             String   Name of the Splunk On-Call incident
  entity_state     String   Current state of the monitored entity
  entity_type      String   Field for specific legacy integrations
  current_phase    String   Phase of the Splunk On-Call alert
  monitor_name     String   Name of the specific monitor
  monitor_type     String   Type of monitor
  policy_name      String   Name of the Splunk On-Call policy
  team_name        String   Name of the Splunk On-Call team
  service          String   Identified service

Action Example

  • Select Splunk On-Call team name

  • Select Splunk On-Call escalation policy

2. Splunk On Call Reroute Incidents

Integration node to re-route selected Splunk On-Call incidents

Input

  Parameter Name     Description                                                  Required
  -----------------  -----------------------------------------------------------  --------
  Select Username    Select Username to re-route incidents                        True
  incident_numbers   Select one or more incidents to re-route                     True
  target_users       Select one or more users to re-route incident                False *
  target_policies    Select one or more escalation policies to re-route incident  False *

* At least one of target_users or target_policies must be selected for the Reroute Incidents action.

Output

  Parameter Name      Type     Description
  ------------------  -------  -------------------------------------------------
  execution_message   Object   JSON of the Splunk On-Call re-route incident execution
  execution_status    String   Status of node execution

Action Example

  • Select an alias and a Splunk On-Call username, and provide one or more Splunk On-Call incident numbers

  • Select one or more target users to re-route Splunk On-Call incident

  • Select one or more escalation policies to re-route Splunk On-Call incident

3. Splunk On Call Resolve Incidents

Integration node to resolve selected Splunk On-Call incidents

Input

  Parameter Name     Description                              Required
  -----------------  ---------------------------------------  --------
  Username           Select Username to resolve incidents     True
  incident_numbers   Select one or more incidents to resolve  True

Output

  Parameter Name      Type     Description
  ------------------  -------  ------------------------------------------------
  execution_message   Object   JSON of the Splunk On-Call resolve incident execution
  execution_status    String   Status of node execution

Action Example

  • Select an alias, a Splunk On-Call username and one or more Splunk On-Call incident numbers