Splunk
You can install the Splunk integration to post data to Moogsoft AIOps when an alert occurs.
The Splunk integration does not support authentication options and security certificate bypass is not supported when the app is in the default SSL mode.
See the Splunk documentation for more information.
Before You Begin
The Splunk integration has been validated with Splunk versions 6.5, 6 6, 7.0, 7.1, 7.2, 7.3 and 8.0. Before you start to set up your integration, ensure you have met the following requirements:
-
You have an active Splunk account.
-
Splunk can make requests to external endpoints over port 443.
Configure the Splunk Integration
To configure the Splunk integration:
-
Navigate to the Integrations tab.
-
Click Splunk in the Monitoring section.
-
Provide a unique integration name. You can use the default name or customize the name according to your needs.
Configure the Splunk Add-On
Log in to Splunk and install the Add-On for Moogsoft AIOps in order to send alerts from Splunk to Moogsoft AIOps.
The Add-On uses the Splunk search to fetch data from Splunk and send it to Moogsoft AIOps. If you are installing the Add-On in a distributed deployment, you only need to do so on the search head.
-
Install the add-on from Apps in the console or from Splunkbase, the Splunk marketplace.
If using on-premises versions of Splunk and Moogsoft AIOps, copy the
server.pem
file to<splunk_home>/etc/apps/TA-Splunk-Moogsoft/bin
.Note
You can also store or copy a Moogsoft AIOps certificate in
<splunk_home>/etc/apps/TA-Splunk-Moogsoft/local
.To do this, configure the relative path in the 'Moogsoft Certificate Path' with '
../local/server.pem
'. -
Configure the triggers for Splunk alerts to be forwarded to the integration as follows:
Field
Value
URL
<url of the integration>
For example: https://<localhost>/events/splunk_lam_splunk1
Alert Severity
Enter a severity. Clear, Indeterminate, Minor, Major, Critical.
Moogsoft AIOps Certificate
Enter your certificate location if using an on-premises version of Moogsoft AIOps and Splunk. Otherwise leave empty.
-
Save the changes.
After you complete the configuration, Splunk sends new alerts to Moogsoft AIOps.