PRTG integration for Splunk On-Call 🔗
PRTG Network Monitor is a server up-time and utilization, network monitoring, and bandwidth usage software package for server infrastructure. It can monitor and classify bandwidth usage in a network using SNMP, packet sniffing, and Netflow. The following guide walks you through installing and configuring this integration.
In Splunk On-Call 🔗
From the Splunk On-Call web portal, select Integrations.
From the list of integrations options, select the PRTG (webhook) integration option.
On the resulting page, copy the Service API Endpoint to the clipboard. Be sure to replace the “$routing_key” part of this endpoint with the actual routing key you intend to use.
In PRTG Network Monitor 🔗
On your server, navigate to
C:\Program Files (x86)\PRTG Network Monitor\Notifications\EXE
and
create a file named prtgtovictorops.ps1. In the file, paste the
following code and save the updated file.
Param( [string]\ :math:`API\_URL, \[string\]`\ MessageType,
[string]\ :math:`SiteName, \[string\]`\ Device,
[string]\ :math:`DeviceId, \[string\]`\ Name,
[string]\ :math:`Status, \[string\]`\ Down,
[string]\ :math:`DateTime, \[string\]`\ LinkDevice, [string]$Message )
Add-Type -AssemblyName System.Web.Extensions function ConvertTo-Json
([Object] $value) {
[System.Web.Script.Serialization.JavaScriptSerializer] $jsSerializer =
New-Object ‘System.Web.Script.Serialization.JavaScriptSerializer'
:math:`jsSerializer.Serialize(`\ value) }
function setMessageType ([string]
:math:`inputString) { If (`\ inputString -like “Up\*”) { return
‘recovery' } elseif
(:math:`inputString -like "Down\*") { return 'critical' } elseif (`\ inputString
-like “Warning\*”) { return ‘warning' } else { return ‘info' } }
:math:`postVOAlert = ConvertTo-Json(@{ message\_type = SetMessageType(`\ Status);
entity_id = $DeviceId; entity_display_name = $Device; monitoring_tool =
“PRTG”; site_name =
:math:`SiteName; link\_device = "<`\ (:math:`LinkDevice)|`\ ($Device)
:math:`(`\ Name)>“; status =”\ :math:`(`\ Status) :math:`(`\ Down) on
:math:`(`\ DateTime)“; state_message = $Message; })
[Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12 $postVOAlert \| Out-File -FilePath
vo.log
[System.Net.WebClient] $webclient = New-Object ‘System.Net.WebClient'
$webclient.Headers.Add(“Content-Type”,“application/json”)
:math:`webclient.UploadData(`\ API_URL,
[System.Text.Encoding]::UTF8.GetBytes($postVOAlert)) \| Out-File
-FilePath vo.log -Append
From your server’s desktop, open PRTG Enterprise Console.
In the PRTG Enterprise Console, select the Setup tab.
Select Notifications under “Account Settings”.
Select Add new notification.
Enter “Splunk On-Call Notification” in the “Notification Name” field, then select Always notify ASAP, never summarize for “Method”.
Scroll down, then select EXECUTE PROGRAM.
Select Prtgtovictorops.ps1 from the “Program File” dropdown menu,
then paste the following into the “Parameter” field replacing
URL_to_notify
with your “URL to notify” from the “In Splunk On-Call” section.
-API_URL 'URL_to_notify' -SiteName '%sitename' -Device '%device'
-DeviceId '%deviceid' -Name '%name' -Status '%status' -Down '%down'
-DateTime '%datetime' -LinkDevice '%linkdevice' -Message '%message'
Enter the credentials for the Windows administrator that originally installed PRTG, then select Save.
Select the Test link next to “VictorOps Notification”.
Select OK in “Notification Test Results”.
An alert appears in your Splunk On-Call timeline.
Select the Devices tab.
Select the parent PRTG server connection.
Select the Notifications tab.
Select Add State Trigger.
In this example, the trigger uses the “Warning” sensor state. You can modify these settings or create other triggers for when sensors are “Down” for example, make sure to select VictorOps Notification from the three dropdown menus after “perform”, then select Save.
You have now completed setting up this integration.
Simulate an Alert 🔗
You can verify the integration by navigating to one of your sensors, selecting one, and selecting “simulate error status”. This creates through to Splunk On-Call.
Troubleshooting 🔗
Make sure you have the latest version of Powershell running in your PRTG environment for the integration script to work best. You can check which version of Powershell you currently have by running the following command line:
$PSVersionTable.PSVersion
If you have any questions, contact Splunk On-Call support .