Use the custom Remedy Incident Integration alert actions in the Splunk Add-on for BMC Remedy Using SOAP API
The Splunk Add-on for Remedy supports automatic incident creation and incident update from custom alert actions.
To use custom alert actions, you must either be a Splunk administrator or a user with the appropriate capability:
- list_storage_passwords if you are using Splunk platform 6.5.0 or later
- admin_all_objects if you are using an earlier version of the Splunk platform
Before you can use the custom alert actions, set up the add-on. See Set up the Splunk Add-on for BMC Remedy.
Create or update an incident from the Remedy Incident Integration alert action
- Write a search string that you want to use to trigger incident creation in Remedy.
- Click Save As > Alert.
- Fill out the Alert form. Give your alert a unique name and indicate whether the alert should be a real-time alert or a scheduled alert. See Getting started with Alerts in the Alerting Manual, part of the Splunk Enterprise documentation for more information.
- Under Trigger Actions, click Add Actions, and select Remedy Incident Integration and Add to Triggered Alerts from the list.
- Enter values for the fields to specify parameters for your incident.
- Correlation Id: A free-form descriptive label that uniquely identifies and ties to an incident record in the Remedy system.
- If a correlation ID does not exist in Remedy, a triggered alert creates a new incident in Remedy.
- If a correlation ID already exists in Remedy, a triggered alert updates the corresponding incident already created in Remedy.
You can use variables (surrounded by two $ signs) when defining this field to dynamically generate IDs for triggered alerts. For example: Remedy_$result.event_id$.
- If kept empty, the add-on generates a unique correlation ID each time the alert is triggered.
- Summary: A brief description of the incident, mandatory for creating new incidents.
- Configuration Item: The item defined in the Remedy system that you want to create or update an incident for. If the value you enter does not exist in Remedy, this field is ignored when an incident is created or updated.
- Impact: Incident impact level.
- Urgency: Incident urgency level.
- Status: Select this option if you want to set the incident to Resolved in Remedy.
- Status Reason: A brief explanation of the incident status. When the Status field is set to Resolved, this field is required.
- Work Info: Work information around the incident.
- Custom Fields: Add "||"-separated key-value pairs for any fields that are not in the Alert Action form but are supported by the HPD:IncidentServiceInterface API of BMC Remedy ITSM. For example: Company=XYZ||Assigned_Group=ITIL. You can also use this field to overwrite the values specified in the form fields above. Each custom field must be one of the fields present in the HPD_IncidentServiceInterface WSDL under the element <xsd:element default="PROCESS_EVENT" minOccurs="0" name="Action" type="xsd:string"/>
- Click Save.
Make sure custom fields are configured in your BMC environment and are present in WSDL.
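The following pre-flight check is an added example, not code from the add-on or from Splunk. It parses a Custom Fields value, reports keys that are missing from a WSDL field list or that overwrite a form value, and applies the Summary and Status Reason rules described above. The names in WSDL_FIELDS, the form keys such as Status_Reason, and the split-on-first-"=" parsing are assumptions made for illustration.

```python
# Added example (not Splunk's code): pre-flight check of alert action values.
SEPARATOR = "||"

# Constructed sample list: replace with the field names found in your own
# HPD_IncidentServiceInterface WSDL.
WSDL_FIELDS = {"Summary", "Status", "Status_Reason", "Impact", "Urgency",
               "Company", "Assigned_Group"}


def parse_custom_fields(raw):
    """Split 'K=V||K=V' into a dict; raise ValueError on malformed pairs."""
    fields = {}
    if not raw.strip():
        return fields
    for pair in raw.split(SEPARATOR):
        # Assumption: only the first '=' separates key from value.
        key, sep, value = pair.partition("=")
        key = key.strip()
        if not sep or not key:
            raise ValueError(f"not a key=value pair: {pair!r}")
        if key in fields:
            raise ValueError(f"duplicate custom field: {key}")
        fields[key] = value.strip()
    return fields


def check_alert_action(form, raw_custom, creating=True):
    """Return (effective_fields, problems) for one alert action config."""
    problems = []
    custom = parse_custom_fields(raw_custom)
    for key in custom:
        if key not in WSDL_FIELDS:
            problems.append(f"{key}: not in WSDL field list")
        elif key in form and form[key] != custom[key]:
            problems.append(f"{key}: custom field overrides form value")
    # Custom fields win over values entered in the form.
    effective = {**form, **custom}
    if creating and not effective.get("Summary"):
        problems.append("Summary: mandatory for new incidents")
    if effective.get("Status") == "Resolved" and not effective.get("Status_Reason"):
        problems.append("Status_Reason: required when Status is Resolved")
    return effective, problems
```

Reviewing the "overrides form value" findings before saving shows when a Custom Fields entry silently changes what the form appears to set, such as Status.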
Create or update an incident from the Remedy Incident Integration alert action using REST API
- Write a search string that you want to use to trigger incident creation in Remedy.
- Click Save As > Alert.
- Fill out the Alert form. Give your alert a unique name and indicate whether the alert should be a real-time alert or a scheduled alert. See Getting started with Alerts in the Alerting Manual, part of the Splunk Enterprise documentation for more information.
- Under Trigger Actions, click Add Actions, and select Remedy Incident Integration using REST API and Add to Triggered Alerts from the list.
- Enter values for the fields to specify parameters for your incident.
- Account: Select an account from the drop-down menu, or use the Create new account link to configure a new REST account.
- Correlation Id: A free-form descriptive label that uniquely identifies and ties to an incident record in the Remedy system.
- If a correlation ID does not exist in Remedy, a triggered alert creates a new incident in Remedy.
- If a correlation ID already exists in Remedy, a triggered alert updates the corresponding incident already created in Remedy.
You can use variables (surrounded by two $ signs) when defining this field to dynamically generate IDs for triggered alerts. For example: Remedy_$result.event_id$.
- If kept empty, the add-on generates a unique correlation ID each time the alert is triggered.
- Summary: A brief description of the incident, mandatory for creating new incidents.
- Configuration Item: The item defined in the Remedy system that you want to create or update an incident for. If the value you enter does not exist in Remedy, this field is ignored when an incident is created or updated.
- Impact: Incident impact level.
- Urgency: Incident urgency level.
- Status: Select this option if you want to set the incident to Resolved in Remedy.
- Status Reason: A brief explanation of the incident status. When the Status field is set to Resolved, this field is required.
- Work Info: Work information around the incident.
- Custom Fields: Add "||"-separated key-value pairs for any fields that are not in the Alert Action form but are supported by the HPD:IncidentServiceInterface API of BMC Remedy ITSM. For example: Company=XYZ||Assigned_Group=ITIL. You can also use this field to overwrite the values specified in the form fields above.
- Click Save.
This documentation applies to the following versions of Splunk® Supported Add-ons: released