Microsoft Azure Monitor integration for Splunk On-Call
Microsoft Azure Monitor allows you to gain visibility and control across your hybrid cloud with simplified operations management and security. This integration allows you to make use of Splunk On-Call incident management for all your Azure alerts. The following instructions guide you through the integration.
Requirements
This integration is compatible with the following versions of Splunk On-Call:
Starter
Growth
Enterprise
Splunk On-Call
Activate the Microsoft Azure integration by navigating to Integrations, All integrations. Select the Azure Monitoring integration option, then select Enable Integration.
Copy the service API endpoint to your clipboard. Make sure to update the routing keys. See Create Routing Keys in Splunk On-Call.
Azure Monitoring configuration
To send requests to trigger an incident in Splunk On-Call, you can use alerting, which is native to Azure's Monitoring functionality.
Follow these steps:
Log in to the Azure portal. From the menu, select Monitoring, Alerts, New Alert Rule.
Define the alert rule based on your monitoring needs.
Define the alert details with any name and description.
Select a new action group to call your new Splunk On-Call Service API Endpoint.
For all the names, fill in a value of splunkoncall to help define the action.
For the action, select webhook.
Paste the service endpoint you copied to your clipboard from Splunk On-Call.
Turn on the common alert schema.
Select OK.
Make sure to link the newly created Splunk On-Call action group to the desired alert rules.
Alerts flow into the Splunk On-Call timeline based on the trigger conditions.
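The action-group steps above can also be done from the Azure CLI. The script below is an added example, not part of the original page or Splunk's own tooling; it checks the copied endpoint before handing it to Azure. The `$routing_key` placeholder text, the `SPLUNK_ONCALL_ENDPOINT` variable name and the resource group argument are assumptions.

```shell
#!/bin/sh
# Added example: Azure CLI version of the action-group steps above.
# Assumptions: the copied endpoint marks the unfilled routing key slot with
# the literal text $routing_key; the resource group name is supplied by you.

# check_endpoint URL -> returns 0 only if the URL is fit to paste into Azure.
check_endpoint() {
  case "$1" in
    https://*) ;;                       # alerts must travel over TLS
    *) echo "endpoint must start with https://" >&2; return 1 ;;
  esac
  case "$1" in
    *'$routing_key'*)                   # placeholder never replaced
      echo "routing key placeholder still present" >&2; return 1 ;;
    *[[:space:]]*)                      # stray whitespace from a bad paste
      echo "endpoint contains whitespace" >&2; return 1 ;;
  esac
  return 0
}

# create_action_group RESOURCE_GROUP URL
# Creates the "splunkoncall" action group with one webhook action and the
# common alert schema turned on. Refuses to call az if the URL fails checks.
create_action_group() {
  check_endpoint "$2" || return 1
  az monitor action-group create \
    --resource-group "$1" \
    --name splunkoncall \
    --short-name splunkoncall \
    --action webhook splunkoncall "$2" usecommonalertschema
}

# Usage (endpoint kept in an environment variable, not typed on the command line):
#   create_action_group my-resource-group "$SPLUNK_ONCALL_ENDPOINT"
```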