Kapacitor integration for Splunk On-Call π
Kapacitor is an open source data processing framework that makes it easy to create alerts, run ETL jobs and detect anomalies. The following guide walks you through this integration.
Requirements π
This integration is compatible with the following versions of Splunk On-Call:
Starter
Growth
Enterprise
Splunk On-Call configuration π
From the Splunk On-Call web portal, select Integrations. From the resulting list of integration options, select Kapacitor, then Enable Integration.
Copy the Service API Key to the clipboard. Make sure to replace $routing_key
with a valid routing key. See Create Routing Keys in Splunk On-Call.
Kapacitor configuration π
In the Kapacitor configuration file, for example kapacitor.conf, locate the [victorops]
section, then set:
enabled
totrue
api-key
to the API key you obtained in Splunk On-Callrouting-key
to the routing key you want to use.
For example:
[victorops]
enabled = true
api-key = "558e7ebc-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
routing-key = "Sample_route"
Now you can chain .victorOps()
and .routingKey()
in the TICKscript.
The following snippet shows who to send alerts to Splunk On-Call with the routing key set to the value of
routing-key
in the Kapacitor configuration file:
stream
|alert()
.victorOps()
The following snippet shows who to send alerts to Splunk On-Call with the routing_key set to Another_route
:
stream
|alert()
.victorOps()
.routingKey('Another_route')
If you want to send all alerts to Splunk On-Call without explicitly stating it in the TICKscript, set global
to true
in the [victorops]
section of the Kapacitor configuration file. For example:
[victorops]
enabled = true
api-key = "558e7ebc-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
routing-key = "Sample_route"
global = true
Alerts from Kapacitor appears in Splunk On-Call as they are generated.