You can install the Splunk integration to post data to Moogsoft AIOps when an alert occurs.

The Splunk integration does not support authentication options, and security certificate bypass is not supported when the app is in the default SSL mode.

See the Splunk documentation for more information.

Before You Begin

The Splunk integration has been validated with Splunk v. 6.5, v. 6.6 and v. 7.0. Before you start to set up your integration, ensure you have met the following requirements:

  • You have installed Splunk and have an active account.
  • Splunk can make requests to external endpoints over port 443. 

Configure the Splunk Integration

Configure the Splunk integration in Moogsoft AIOps as follows:

  1. Navigate to the Integrations tab.
  2. Click Splunk in the Monitoring section.
  3. Follow the instructions to create an integration name.

See the Splunk Integration Reference for advanced configuration information.

Configure the Splunk Add-On

Log in to Splunk and install the Add-on for Moogsoft AIOps in order to send alerts from Splunk to Moogsoft AIOps.

  1. Install the add-on from Apps in the console or from Splunkbase, the Splunk marketplace.

    If you are using on-premises versions of Splunk and Moogsoft AIOps, copy the server.key and the server.pem files to <splunk_home>/etc/apps/TA-Splunk-Moogsoft/bin.

  2. Configure the triggers for Splunk alerts to be forwarded to the integration as follows:

    Field | Value
    URL | <url of the integration>. For example: https://<localhost>/events/splunk_lam_splunk1
    Alert Severity | Enter a severity: Clear, Indeterminate, Minor, Major or Critical.
    Moogsoft AIOps Certificate | Enter your certificate location if using an on-premises version of Moogsoft AIOps and Splunk. Otherwise leave empty.
  3. Save the changes.

After you complete the configuration, Splunk sends new alerts to Moogsoft AIOps.
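
Because certificate bypass is not available in the default SSL mode, it helps to confirm from the Splunk host that the integration URL is reachable on port 443 and that its certificate verifies before you save the trigger. The script below is an added example, not part of the Splunk add-on or Moogsoft AIOps; the function names are hypothetical, and it assumes the PEM file passed as the second argument is the certificate (or issuing CA) that your on-premises Moogsoft AIOps server presents.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit


def validate_integration_url(url):
    """Return (host, port, path), or raise ValueError if the URL cannot work."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("integration URL must use https")
    if not parts.hostname:
        raise ValueError("integration URL has no host")
    port = parts.port or 443
    if port != 443:
        # The prerequisites on this page only cover outbound port 443.
        raise ValueError(f"port {port} given; prerequisites only cover 443")
    return parts.hostname, port, parts.path


def tls_handshake(host, port, cafile=None, timeout=5.0):
    """Handshake with full verification and return (TLS version, notAfter).

    cafile is the PEM to trust; None falls back to the system trust store.
    Chain and host name checks stay enabled, so a certificate that would
    need a bypass fails here as well.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("notAfter")


if __name__ == "__main__":
    # Usage: python preflight.py <url of the integration> [path/to/server.pem]
    if len(sys.argv) < 2:
        sys.exit("usage: preflight.py <integration url> [ca.pem]")
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    try:
        host, port, _ = validate_integration_url(sys.argv[1])
        version, not_after = tls_handshake(host, port, cafile)
    except (ValueError, OSError) as exc:  # ssl.SSLError is an OSError
        sys.exit(f"FAIL: {exc}")
    print(f"OK: {host}:{port} {version}, certificate valid until {not_after}")
```

A verification failure here means the Splunk alert action is likely to fail the same way, so fix the certificate or the trust file rather than the trigger settings.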
