# Splunk On-Call (VictorOps)

## Overview <a href="#overview" id="overview"></a>

This integration is intended for customers who have Splunk On-Call set up as the primary alerting and on-call management system.

## Use Cases <a href="#use-cases" id="use-cases"></a>

The integration between Fylamynt and Splunk On-Call lets you:

* Reroute a list of Splunk On-Call incidents.
* Resolve a list of Splunk On-Call incidents.
* Trigger a workflow in Fylamynt, when a specific Splunk On-Call Incident goes into the state of ALERT.

## Configure Splunk On-Call in Fylamynt

* Navigate to **Settings** > **Integrations** > Splunk On-Call (VictorOps)
* Configure a new integration instance

Details needed to set up a **Splunk On-Call** (VictorOps) instance in **Fylamynt**:

| **Parameter**              | **Description**                                                       | **Required** |
| -------------------------- | --------------------------------------------------------------------- | ------------ |
| API ID                     | API ID obtained from Splunk On-Call (VictorOps)                       | True         |
| API Key                    | API Key obtained from Splunk On-Call (VictorOps)                      | True         |
| Webhook API Key Name       | Fylamynt API Key name                                                 | True         |
| Splunk On-Call Webhook URL | Fylamynt Webhook URL to be used by Splunk On-Call (VictorOps) service |              |

The webhook is used to fetch alerts from Splunk On-Call (VictorOps) in real time. You can also enable or disable the Splunk On-Call (VictorOps) webhook.

Follow the steps listed below in your Splunk On-Call (VictorOps) Account and get the desired parameters to enter in Fylamynt.

1. In your Splunk On-Call Account, go to "Integrations" --> "API"

![](https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MXYvxfYq9m2JdKqaCdk%2F-MaZgCME27DywEoGz1ZN%2F-MaZh-hS6Eme8t6D3pjw%2Fimage.png?alt=media\&token=274cd9e2-baf8-4d95-983b-4b9a0aedbdaa)

* "Activate API" if API Access is OFF; otherwise copy the available API ID and API Key.
* Add the API ID and API Key details to the "Authorize Fylamynt" panel.

2\. Now set up the Splunk On-Call to Fylamynt Outgoing Webhook from "Integrations" --> "Outgoing Webhook"

![](https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MXYvxfYq9m2JdKqaCdk%2F-MaZgCME27DywEoGz1ZN%2F-MaZh54M_CvrTnAMW1ZB%2Fimage.png?alt=media\&token=91324c3b-60bb-49da-a743-e4334e99ee33)

"Add Webhook" with the details below:

* **Event:** Select "Incident-Triggered" from the dropdown
* **Method:** POST
* **Content Type:** application/json
* **Custom Headers:**
  * Key: x-api-key
  * Value: add the "Webhook API Key Value" from the right side panel
* **To:** Copy the webhook URL from "Webhook URL" in the right side panel
* **Payload:** Copy the JSON below into the **Payload** section

```
{
  "INCIDENT.INCIDENT_ID": "${{INCIDENT.INCIDENT_ID}}",
  "INCIDENT.INCIDENT_NAME": "${{INCIDENT.INCIDENT_NAME}}",
  "INCIDENT.CURRENT_PHASE": "${{INCIDENT.CURRENT_PHASE}}",
  "INCIDENT.ENTITY_TYPE": "${{INCIDENT.ENTITY_TYPE}}",
  "INCIDENT.SERVICE": "${{INCIDENT.SERVICE}}",
  "INCIDENT.ENTITY_STATE": "${{INCIDENT.ENTITY_STATE}}",
  "INCIDENT.POLICIES_PAGED.0.POLICY.NAME": "${{INCIDENT.POLICIES_PAGED.0.POLICY.NAME}}",
  "INCIDENT.POLICIES_PAGED.0.TEAM.NAME": "${{INCIDENT.POLICIES_PAGED.0.TEAM.NAME}}",
  "INCIDENT.MONITOR_TYPE": "${{INCIDENT.MONITOR_TYPE}}",
  "INCIDENT.MONITOR_NAME": "${{INCIDENT.MONITOR_NAME}}"
}
```

Instructions to get the Fylamynt **"Webhook API Key Value":**\
Under Authorize Fylamynt, choose one of the **Webhook API Key Name** options from the dropdown, and the corresponding **Webhook API Key Value** should be shown. If no options are available for the **Webhook API Key Name**, first go to **Settings** --> API Keys --> **Manage Keys** to create a new API key.
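What the `x-api-key` header and the flat payload template above give a receiver to check, shown as an added example that is not Fylamynt's or Splunk On-Call's code. The function name `check_webhook` and the `SAMPLE_*` values are hypothetical and constructed for illustration.

```python
import hmac
import json
import re

# Keys taken from the Payload template on this page.
EXPECTED_KEYS = frozenset("INCIDENT." + s for s in (
    "INCIDENT_ID", "INCIDENT_NAME", "CURRENT_PHASE", "ENTITY_TYPE", "SERVICE",
    "ENTITY_STATE", "POLICIES_PAGED.0.POLICY.NAME", "POLICIES_PAGED.0.TEAM.NAME",
    "MONITOR_TYPE", "MONITOR_NAME"))
# A value still containing ${{...}} means the sender did not expand the variable.
UNRENDERED = re.compile(r"\$\{\{[^}]*\}\}")


def check_webhook(headers, body, expected_key):
    """Return a list of problems; an empty list means the request is acceptable."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Constant-time comparison avoids leaking the key through response timing.
    supplied = hdrs.get("x-api-key", "")
    if not hmac.compare_digest(supplied.encode(), expected_key.encode()):
        return ["bad or missing x-api-key"]  # stop before parsing untrusted JSON
    problems = []
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        problems.append("content type is not application/json")
    try:
        payload = json.loads(body)
    except ValueError:
        return problems + ["body is not valid JSON"]
    if not isinstance(payload, dict):
        return problems + ["body is not a JSON object"]
    missing = sorted(EXPECTED_KEYS - set(payload))
    extra = sorted(set(payload) - EXPECTED_KEYS)
    if missing:
        problems.append("missing keys: " + ", ".join(missing))
    if extra:
        problems.append("unexpected keys: " + ", ".join(extra))
    for key in sorted(EXPECTED_KEYS & set(payload)):
        value = payload[key]
        if not isinstance(value, str) or UNRENDERED.search(value):
            problems.append("unrendered or non-string value for " + key)
    return problems


# Constructed sample request (not captured traffic); the key is a placeholder.
SAMPLE_KEY = "example-key-placeholder"
SAMPLE_HEADERS = {"X-Api-Key": SAMPLE_KEY, "Content-Type": "application/json"}
SAMPLE_BODY = json.dumps({k: "sample" for k in EXPECTED_KEYS})
```

An unrendered `${{...}}` value in a received payload usually points to a typo in the variable name pasted into the **Payload** section.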

## Integration Actions <a href="#integration-actions" id="integration-actions"></a>

You can add these actions in the Fylamynt workflow builder, as part of your workflow.

1. [Splunk On-Call Alert Trigger](#splunk-on-call-alert-trigger)
2. [Splunk On-Call Reroute Incident](#splunk-on-call-reroute-incidents)
3. [Splunk On-Call Resolve Incident](#splunk-on-call-resolve-incidents)

### **Splunk On-Call Alert Trigger**

The integration node triggers the automatic execution of a workflow from a combined selection of a **Splunk On-Call Team** and **Escalation Policy.**

When creating a workflow, you are presented with a wizard to select the trigger type to use.

* On the workflow page, select **New Workflow**
* Enter the name of the Workflow.
* Select the **Splunk On-Call** trigger type.
* Click **Create Workflow**
* ![](https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MXYvxfYq9m2JdKqaCdk%2Fuploads%2FkyNORyuISDpGXI5oopM0%2Fimage.png?alt=media\&token=a75984f4-d843-42e6-9ad4-38e33bb011eb)

#### Configure the automatic execution of a workflow <a href="#fylamynt-task-management" id="fylamynt-task-management"></a>

To automatically run workflows with the Splunk On-Call Alert trigger, the incident type and assignment need to be configured. Follow the step-by-step instructions provided on the [Incident Management - Automatic workflow execution](https://docs.fylamynt.com/getting-started-1/7.-incident-management-automatic-workflow-execution) page.

### **Splunk On-Call Reroute Incidents**

Integration node to re-route selected Splunk On-Call incidents

**Input**

| **Parameter Name** | **Description**                                             | **Required** |
| ------------------ | ----------------------------------------------------------- | ------------ |
| Select Username    | Select Username to re-route incidents                       | True         |
| incident\_numbers  | Select one or more incidents to re-route                    | True         |
| target\_users      | Select one or more users to re-route incident               | False \*     |
| target\_policies   | Select one or more escalation policies to re-route incident | False \*     |

\* At least one of target\_users and target\_policies must be selected for the Reroute Incidents action.

**Output**

| **Parameter Name** | **Type** | **Description**                                    |
| ------------------ | -------- | -------------------------------------------------- |
| execution\_message | Object   | JSON of Splunk On-Call re-route incident execution |
| execution\_status  | String   | Status of node execution                           |

**Action Example**

* Drag and drop the Splunk On-call Reroute Action node onto the Workflow Editor Canvas
* Select the Action node
* Add the Incident Numbers
* Select the Username
* Select either or both of the following:
  * Select one or more target users to re-route the Splunk On-Call incident
  * Select one or more escalation policies to re-route the Splunk On-Call incident

![](https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MXYvxfYq9m2JdKqaCdk%2Fuploads%2FF3ateHhl3xLaakRvlGEI%2Fimage.png?alt=media\&token=a491e6a7-f24d-4b0c-9da1-94198d65a22c)

### **Splunk On-Call Resolve Incidents**

Integration node to resolve selected Splunk On-Call incidents

**Input**

| **Parameter Name** | **Description**                         | **Required** |
| ------------------ | --------------------------------------- | ------------ |
| Username           | Select Username to resolve incidents    | True         |
| incident\_numbers  | Select one or more incidents to resolve | True         |

**Output**

| **Parameter Name** | **Type** | **Description**                                   |
| ------------------ | -------- | ------------------------------------------------- |
| execution\_message | Object   | JSON of Splunk On-Call resolve incident execution |
| execution\_status  | String   | Status of node execution                          |

**Action Example**

* Drag and drop the Splunk On-call Resolve Action node onto the Workflow Editor Canvas
* Select the Action node
* Add the Incident Numbers
* Select the Username

![](https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MXYvxfYq9m2JdKqaCdk%2Fuploads%2FVV4VgTw4236r8RAy0UuC%2Fimage.png?alt=media\&token=2cad13ba-1bcb-40ea-bc48-5c12663f3a85)

