Splunk® Supported Add-ons

Splunk Add-on for BMC Remedy

Use the custom Remedy Incident Integration alert actions in the Splunk Add-on for BMC Remedy Using SOAP API

The Splunk Add-on for Remedy supports automatic incident creation and incident update from custom alert actions.

To use custom alert actions, you must either be a Splunk administrator or a user with the appropriate capability:

  • list_storage_passwords if you are using Splunk platform 6.5.0 or later
  • admin_all_objects if you are using an earlier version of the Splunk platform

Before you can use the custom alert actions, set up the add-on. See Set up the Splunk Add-on for BMC Remedy.

Create or update an incident from the Remedy Incident Integration alert action

  1. Write a search string that you want to use to trigger incident creation in Remedy.
  2. Click Save As > Alert.
  3. Fill out the Alert form. Give your alert a unique name and indicate whether the alert should be a real-time alert or a scheduled alert. See Getting started with Alerts in the Alerting Manual, part of the Splunk Enterprise documentation for more information.
  4. Under Trigger Actions, click Add Actions, and select Remedy Incident Integration and Add to Triggered Alerts from the list.
  5. Enter values for the fields to specify parameters for your incident.
    • Correlation Id: A free-form descriptive label that uniquely identifies and ties to an incident record in the Remedy system.
      • If a correlation ID does not exists in Remedy, a triggered alert will create a new incident in Remedy
      • If a correlation ID already exists in Remedy, a triggered alert will update the corresponding incident already created in Remedy.
        You can use variables (surrounded by two $ signs) when defining this field to dynamically generate IDs for triggered alerts. For example: Remedy_$result.event_id$.
      • If kept empty, Add-on will generate a unique correlation ID each time alert is triggered.
    • Summary: A brief description of the incident, mandatory for creating new incidents.
    • Configuration Item: The item defined in the Remedy system that you want to create or update incident for. If the value you enter does not exist in Remedy, this field will be ignored when an incident is created or updated.
    • Impact: Incident impact level.
    • Urgency: Incident urgency level.
    • Status: Select this option if you want to set the incident to the Resolved in Remedy.
    • Status Reason: A brief explanation of the incident status. When the Status field is set to Resolved, this field is required.
    • Work Info: Work information around the incident.
    • Custom Fields: "||" separated key value pair must be added for any fields that are not mentioned in your Alert Action form, but supported by HPD:IncidentServiceInterface API of BMC Remedy ITSM. E.g. Company=XYZ||Assigned_Group=ITIL. This could also be used to overwrite the values specified in the above form fields. These custom fields must be one of the fields present in the HPD_IncidentServiceInterface wsdl under the element <xsd:element default="PROCESS_EVENT" minOccurs="0" name="Action" type="xsd:string"/>
  6. Click Save.

Make sure custom fields are configured in your BMC environment and are present in WSDL.

Create or update an incident from the Remedy Incident Integration alert action using REST API

  1. Write a search string that you want to use to trigger incident creation in Remedy.
  2. Click Save As > Alert.
  3. Fill out the Alert form. Give your alert a unique name and indicate whether the alert should be a real-time alert or a scheduled alert. See Getting started with Alerts in the Alerting Manual, part of the Splunk Enterprise documentation for more information.
  4. Under Trigger Actions, click Add Actions, and select Remedy Incident Integration using REST API and Add to Triggered Alerts from the list.
  5. Enter values for the fields to specify parameters for your incident.
    • Account: Select an account from the drop-down menu, or use the Create new account link to configure a new REST account.
    • Correlation Id: A free-form descriptive label that uniquely identifies and ties to an incident record in the Remedy system.
      • If a correlation ID does not exists in Remedy, a triggered alert will create a new incident in Remedy
      • If a correlation ID already exists in Remedy, a triggered alert will update the corresponding incident already created in Remedy.
        You can use variables (surrounded by two $ signs) when defining this field to dynamically generate IDs for triggered alerts. For example: Remedy_$result.event_id$.
      • If kept empty, Add-on will generate a unique correlation ID each time alert is triggered.
    • Summary: A brief description of the incident, mandatory for creating new incidents.
    • Configuration Item: The item defined in the Remedy system that you want to create or update incident for. If the value you enter does not exist in Remedy, this field will be ignored when an incident is created or updated.
    • Impact: Incident impact level.
    • Urgency: Incident urgency level.
    • Status: Select this option if you want to set the incident to the Resolved in Remedy.
    • Status Reason: A brief explanation of the incident status. When the Status field is set to Resolved, this field is required.
    • Work Info: Work information around the incident.
    • Custom Fields: "||" separated key value pair must be added for any fields that are not mentioned in your Alert Action form, but supported by HPD:IncidentServiceInterface API of BMC Remedy ITSM. E.g. Company=XYZ||Assigned_Group=ITIL. This could also be used to overwrite the values specified in the above form fields.
  6. Click Save.
Last modified on 22 July, 2024
Use custom streaming commands for the Splunk Add-on for BMC Remedy   Troubleshoot the Splunk Add-on for BMC Remedy

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters