Splunk® Supported Add-ons

Splunk Add-on for BMC Remedy

Specify required fields for incidents for the Splunk Add-on for BMC Remedy

After installing the add-on and completing the add-on setup, use the custom commands included in the add-on, or Splunk Enterprise alert actions, to create and update incidents in Remedy from a Splunk software search.

Use the required and optional fields contained in the Splunk Add-on for BMC Remedy to create or update Remedy incidents from your WSDL files. The Splunk Add-on for BMC Remedy provides the configuration files you need to include all of the required fields on your Remedy system used to create and update incidents.

If you are using Notepad or another native Windows text editor to edit this file in a Windows environment, make sure you set it not to use DOS line breaks. Extra line breaks can cause the .conf file to not be interpreted correctly on Unix/Linux systems.

Configure the field list to use custom commands to create and update incidents

When executing a custom command, the add-on gets the required and optional fields for creating or updating a Remedy incident from the WSDL files. However, in most cases the fields actually required by your Remedy system are only a subset of the required fields in the WSDL file. The Splunk Add-on for BMC Remedy provides a remedy_fields.conf file with preconfigured required fields for both incident creation and update. The required fields in this file override the required fields in the WSDL. You need to customize this file to include all of the required fields for your Remedy system. Adding the required fields for your Remedy system in this file allows you to specify only the required arguments for your system when you run the commands, rather than all of the required arguments in the WSDL.

The required fields for a default Remedy configuration are included in the remedy_fields.conf file. The following six fields are required for creating incidents in a default Remedy configuration: First_Name, Last_Name, Impact, Status, Summary and Urgency. The following three fields are required for updating incidents in a default Remedy configuration: Incident_Number, Status, and Summary. Edit the list of fields to specify all of the fields that are required by your Remedy system.

Service_Type and Reported_Source are included as default fields with default values for creating incidents in remedy_fields.conf. You can change the values of these default fields to match other values that have been defined in your Remedy system if desired.

Follow these steps to specify required fields for Remedy incidents using remedy_fields.conf.

  1. Go to $SPLUNK_HOME/etc/apps/Splunk_TA_remedy and make a new directory called /local if it does not already exist.
  2. Copy $SPLUNK_HOME/etc/apps/Splunk_TA_remedy/default/remedy_fields.conf to $SPLUNK_HOME/etc/apps/Splunk_TA_remedy/local/remedy_fields.conf.
  3. Open the local remedy_fields.conf file in a text editor. The contents look like this:
    [create_incident]
    required = First_Name, Last_Name, Impact, Status, Summary, Urgency
    Service_Type = Infrastructure Event
    Reported_Source = Other
    
    [update_incident]
    required = Incident_Number, Status, Summary
    
  4. Under the [create_incident] stanza, edit the list of fields to reflect the fields that are required by your Remedy system for incident creation. Use comma separated format. Note: The lines Service_Type = Infrastructure Event and Reported_Source = Other are default fields and values. You can change the default values to other values defined in your Remedy system if desired.
  5. Under the [update_incident] stanza, edit the list of fields to reflect the fields that are required by your Remedy system when updating an incident. Use comma separated format.
  6. Save the file.

Example remedy_fields.conf with updated values for a unique Remedy environment:

[create_incident]
required = First_Name, Last_Name, Impact, Status, Summary, Urgency, Action, Assignee, Status_Reason 
Service_Type = Infrastructure Event
Reported_Source = Other

[update_incident]
required = Incident_Number, Status, Summary, Action, Impact

Configure the field list to use alert actions to create and update incidents

For alert actions, the Splunk Add-on for BMC Remedy provides an alert_actions.conf file with preconfigured fields for both incident creation and updates. The required fields in this file override the required fields in the WSDL. Adding the additional fields for your Remedy system in this file lets you specify any required arguments for your system when you run the alert action, apart from the arguments specified in this conf file.

The fields considered for a default Remedy configuration during alert action execution are included in the alert_actions.conf file. The field required for creating or updating incidents through alert actions is correlation_id (identified in the WSDL field list as mc_ueid). The following seven fields are also considered when creating or updating incidents through an alert action in a default Remedy configuration. Edit the list of fields to specify all of the fields that you want to be considered by your Remedy system:

  • Summary
  • Urgency
  • Impact
  • Incident_Status
  • Incident_Status_Reason
  • Work_Info_Details
  • HPD_CI

Follow these steps to specify the additional fields for Remedy incidents using alert_actions.conf:

  1. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_remedy and create a /local directory, if it does not already exist.
  2. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_remedy/default/, copy alert_actions.conf, and paste it in $SPLUNK_HOME/etc/apps/Splunk_TA_remedy/local/.
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_remedy/local/, and open alert_actions.conf in a text editor.
    [remedy_incident]
    is_custom = 1
    param.mc_ueid =
    param.incident_status =
    param.summary =
    param.urgency = 1-Critical
    payload_format = json
    param.incident_status_reason =
    icon_path = alert_remedy_incident.png
    param.ci =
    label = Remedy Incident Integration
    description = Create/Update Remedy incident based on the search result
    param.work_info_details =
    param.impact = 1-Extensive/Widespread
    
  4. Under the [remedy_incident] stanza, add a new line that specifies the new custom field and its value that you want your Remedy system to consider when creating or updating incidents. For example, param.<field_name> = <value of the field>.

    Specify only fields whose value will remain constant across all the incidents that will be created with alert actions.

  5. Save your changes.
  6. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_remedy/README, and open the alert_actions.conf.spec file in a text editor.
    [remedy_incident]
    param.mc_ueid = <string> Correlation ID. It's a required parameter.
    param.ci = <string> Configuration Item.
    param.incident_status = <bool> Status.
    param.summary = <string> Summary.
    param.urgency = <list> Urgency.  It's default value is 1-Critical.
    param.work_info_details = <string> Work Info.
    param.incident_status_reason = <list> Status Reason.
    param.impact = <list> Impact.  It's default value is 1-Extensive/Widespread.
    
  7. Under the [remedy_incident] stanza, add a new line that specifies the type of information from the custom field you added in the previous step. For example, param.<field_name> = <Type> <Field description>.
  8. Save your changes.
  9. Restart your Splunk platform instance.

Example alert_actions.conf with updated values for a unique Remedy environment

[remedy_incident]
is_custom = 1
param.mc_ueid =
param.incident_status =
param.summary =
param.urgency = 1-Critical
payload_format = json
param.incident_status_reason =
icon_path = alert_remedy_incident.png
param.ci =
label = Remedy Incident Integration
description = Create/Update Remedy incident based on the search result
param.work_info_details =
param.impact = 1-Extensive/Widespread
# Custom field
param.Company = XYZ Inc.

Example alert_actions.conf.spec with updated values for a unique Remedy environment

[remedy_incident]
param.mc_ueid = <string> Correlation ID. It's a required parameter.
param.ci = <string> Configuration Item.
param.incident_status = <bool> Status.
param.summary = <string> Summary.
param.urgency = <list> Urgency.  It's default value is 1-Critical.
param.work_info_details = <string> Work Info.
param.incident_status_reason = <list> Status Reason.
param.impact = <list> Impact.  It's default value is 1-Extensive/Widespread.
# Custom field
param.Company = <string> Company Name.

Verify that the fields you have specified in the configuration files are compatible with the WSDL format.
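The procedure above adds a param.<field_name> line to both local/alert_actions.conf and README/alert_actions.conf.spec, and the page warns against DOS line breaks. The following check for both conditions is an added example, not code from the add-on; the sample file contents are constructed, param.Site is a hypothetical custom field, and the exact-match comparison of field names is an assumption.

```python
# Added example, not part of the add-on. Sample file contents are constructed.

def parse_stanza(raw: bytes, stanza: str) -> dict:
    """Return {key: value} for one stanza of a Splunk-style .conf file."""
    fields, current = {}, None
    for line in raw.decode("utf-8").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == stanza and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def check(conf: bytes, spec: bytes, stanza: str = "remedy_incident") -> list:
    """Return a list of problems found in the edited conf/spec pair."""
    problems = []
    if b"\r\n" in conf or b"\r\n" in spec:
        problems.append("DOS line breaks (CRLF) present")
    declared = parse_stanza(spec, stanza)
    for key in sorted(parse_stanza(conf, stanza)):
        # Names are compared exactly as written (assumption: case matters).
        if key.startswith("param.") and key not in declared:
            problems.append(f"{key} has no entry in alert_actions.conf.spec")
    return problems


# Constructed samples; param.Site is a hypothetical custom field.
SPEC = (b"[remedy_incident]\n"
        b"param.mc_ueid = <string> Correlation ID. It's a required parameter.\n"
        b"param.urgency = <list> Urgency.\n"
        b"param.Company = <string> Company Name.\n")
GOOD_CONF = (b"[remedy_incident]\n"
             b"param.mc_ueid =\n"
             b"param.urgency = 1-Critical\n"
             b"param.Company = XYZ Inc.\n")
# Same file saved with DOS line breaks, plus a field never added to the spec.
BAD_CONF = GOOD_CONF.replace(b"\n", b"\r\n") + b"param.Site = HQ\r\n"

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, check(conf, SPEC) or "ok")
```

To check real files, read them in binary mode (open(path, "rb").read()) so the line endings reach check() unmodified.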

Last modified on 09 July, 2020

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released

