Splunk® IT Service Intelligence

Event Analytics Manual

Set up SolarWinds alerts in ITSI

Prerequisites

  • You must have SolarWinds installed. For more information, see the SolarWinds site.

Installation

  1. Select a SolarWinds product. For example, SolarWinds SAM.
  2. Download the setup file.
  3. Provision a Windows virtual machine.
  4. Run the setup exe file and follow the guided installation steps.
  5. Verify that SolarWinds is running by going to the SolarWinds Platform web console.
  6. Go to the web console and create a SolarWinds account, noting your username and password.

SolarWinds webhook setup

  1. Log in to the SolarWinds web console.
  2. From the navigation menu, select the Alerts & Activity page.
  3. Select Alert Manager.
  4. Create a new alert, or edit an existing alert on the page.
    • To create a new alert, select Add New Alert.
    • To edit an existing alert, select the alert from the list and select Edit.
  5. In the Trigger Actions section, select Add Action.
  6. Select Send a GET or POST Request to a Web Server from the list of action types.
  7. Enter the URL for your Splunk HTTP Event Collector (HEC) endpoint. This typically follows the format: http://<splunk-server>:8088/services/collector/event.
  8. Select Use HTTP/S POST.
  9. Set the Body to POST to:
    {
      "event": {
        "Description": "${N=Alerting;M=AlertDescription}",
        "Message": "Component \"${N=SwisEntity;M=ApplicationAlert.ApplicationName}\" is ${N=Alerting;M=Severity}",
        "Uri": "${N=NTA.Alerting;M=NTA.SummaryPageUrl;F=NTALast30MinutesFromTimeTriggeredFormatter}"
      },
      "sourcetype": "solarwinds:alerts"
    }
    
  10. Enter application/json as the content type.
  11. In the Authentication section, select Token. Set the fields to the following values:
    • Header name: Authorization
    • Header Value: Splunk <HEC Token>
  12. Select Save Changes.
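
The following pre-flight check is an added example, not part of the Splunk or SolarWinds documentation. It renders the step 9 body with sample values, confirms that the result is still valid JSON for HEC, flags an endpoint URL that would send the token header without TLS, and builds the POST that steps 7 to 11 configure. It assumes that variables are substituted into the body as plain text; the sample values and the orion.example and splunk.example hosts are constructed.

```python
import json
import re
import urllib.request

# Body from step 9 of the page, unchanged.
BODY_TEMPLATE = r'''{
  "event": {
    "Description": "${N=Alerting;M=AlertDescription}",
    "Message": "Component \"${N=SwisEntity;M=ApplicationAlert.ApplicationName}\" is ${N=Alerting;M=Severity}",
    "Uri": "${N=NTA.Alerting;M=NTA.SummaryPageUrl;F=NTALast30MinutesFromTimeTriggeredFormatter}"
  },
  "sourcetype": "solarwinds:alerts"
}'''

# Matches ${N=<namespace>;M=<name>[;F=<formatter>]} and captures <name>.
VARIABLE = re.compile(r"\$\{N=[^;}]+;M=([^;}]+)[^}]*\}")


def render(template, values):
    """Substitute each variable with values[name] as plain text (assumed behaviour)."""
    return VARIABLE.sub(lambda m: values[m.group(1)], template)


def check(url, body):
    """Return a list of problems with the endpoint URL and the rendered body."""
    problems = []
    if not url.lower().startswith("https://"):
        problems.append("cleartext: the HEC token header is sent without TLS")
    try:
        if "event" not in json.loads(body):
            problems.append("body has no 'event' key")
    except ValueError as exc:
        problems.append(f"invalid JSON after substitution: {exc}")
    return problems


def build_request(url, token, body):
    """Build the POST configured in steps 7 to 11; raises ValueError on a bad body."""
    payload = json.dumps(json.loads(body)).encode("utf-8")
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=payload, headers=headers, method="POST")


# Constructed sample values, not real alert data.
SAMPLE = {"AlertDescription": "CPU above 90%", "ApplicationAlert.ApplicationName": "IIS",
          "Severity": "Critical", "NTA.SummaryPageUrl": "https://orion.example/summary"}
```

A description that contains a double quote makes the rendered body invalid under the plain-text assumption, so check reports it before the alert is saved.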

Test SolarWinds alert

  1. In the Trigger Actions section, select the button under the Simulate column and select an alert to simulate. A success message confirms that the integration was properly set up.
  2. On the Search page in Splunk, you should begin to see data after running a search with your webhook as the source. For example:

    index=main sourcetype=*solarwinds:alert*

Last modified on 02 June, 2025

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.20.0