Kapacitor integration for Splunk On-Call
Kapacitor is an open source data processing framework that makes it easy to create alerts, run ETL jobs and detect anomalies. The following guide walks you through this integration.
Requirements
This integration is compatible with the following versions of Splunk On-Call:
Starter
Growth
Enterprise
Splunk On-Call configuration
From the Splunk On-Call web portal, select Integrations. From the resulting list of integration options, select Kapacitor, then Enable Integration.
Copy the Service API Key to the clipboard. Make sure to replace $routing_key with a valid routing key. See Create Routing Keys in Splunk On-Call.
Kapacitor configuration
In the Kapacitor configuration file, for example kapacitor.conf, locate the [victorops] section, then set:
enabled to true
api-key to the API key you obtained in Splunk On-Call
routing-key to the routing key you want to use
For example:
[victorops]
enabled = true
api-key = "558e7ebc-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
routing-key = "Sample_route"
Now you can chain .victorOps() and .routingKey() in the TICKscript.
The following snippet shows how to send alerts to Splunk On-Call with the routing key set to the value of routing-key in the Kapacitor configuration file:
stream
|alert()
.victorOps()
The following snippet shows how to send alerts to Splunk On-Call with the routing key set to Another_route:
stream
|alert()
.victorOps()
.routingKey('Another_route')
If you want to send all alerts to Splunk On-Call without explicitly stating it in the TICKscript, set global to true in the [victorops] section of the Kapacitor configuration file. For example:
[victorops]
enabled = true
api-key = "558e7ebc-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
routing-key = "Sample_route"
global = true
Alerts from Kapacitor appear in Splunk On-Call as they are generated.
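The following is an added example, not part of the original guide or of Kapacitor: a Python check that reads the [victorops] section described above and reports a disabled handler, a missing or still-masked api-key, an empty routing-key, and a world-readable file mode. The names parse_section, lint_victorops and SAMPLE_CONF are hypothetical, the sample configuration is constructed, and the file-mode check assumes the configuration file stores the API key in clear text as shown in this guide.

```python
import re
import stat

# Constructed sample: the guide's [victorops] block, with the masked key left in place.
SAMPLE_CONF = """
[smtp]
  enabled = false

[victorops]
  enabled = true
  api-key = "558e7ebc-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  routing-key = ""
"""

def parse_section(conf_text, section="victorops"):
    """Collect key/value pairs of one section of a kapacitor.conf-style TOML file."""
    values, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumes no '#' inside quoted values
        header = re.fullmatch(r"\[+\s*([^\]\s]+)\s*\]+", line)
        if header:
            current = header.group(1)
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = value.strip('"')
    return values

def lint_victorops(conf_text, file_mode=None):
    """Return findings for the [victorops] section; an empty list means no issue found."""
    cfg = parse_section(conf_text)
    if not cfg:
        return ["no [victorops] settings found"]
    findings = []
    if cfg.get("enabled") != "true":
        findings.append("enabled is not true")
    api_key = cfg.get("api-key", "")
    if not api_key:
        findings.append("api-key is empty")
    elif "XXXX" in api_key:
        findings.append("api-key is still the masked sample value")
    if not cfg.get("routing-key"):
        findings.append("routing-key is empty")
    if file_mode is not None and file_mode & stat.S_IROTH:
        findings.append("file is world-readable and holds the API key in clear text")
    return findings

if __name__ == "__main__":
    for finding in lint_victorops(SAMPLE_CONF, file_mode=0o644):
        print("WARN:", finding)
```

To check a real file, pass its contents as conf_text and os.stat(path).st_mode as file_mode.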