Docs » Splunk On-Call integrations » Webex Teams integration for Splunk On-Call

Webex Teams integration for Splunk On-Call 🔗

The Splunk On-Call and Webex Teams integration allows you to surface incidents from your Splunk On-Call account in Webex Teams, notifying you where you’re already working and reducing tool switching during emergencies.

Requirements 🔗

This integration is compatible with the following versions of Splunk On-Call:

  • Enterprise

Webex Teams Account and Moderator permissions are required.

Webex Teams configuration 🔗

Follow these steps to set up the Webex Teams integration:

  1. Navigate to the Incoming Webhooks app on the Webex App Hub and select Connect.

  2. Authenticate as required, then select Accept.

  3. Navigate back to the Incoming Webhooks app tab and refresh.

  4. When prompted, provide a webhook name and select a space for the webhook.

    Incoming webhooks app

  5. Select Add and copy the Webhook URL to your clipboard.

Splunk On-Call configuration 🔗

Follow these steps to set up the Webex Teams integration:

  1. Navigate to Integrations, guilabel:Outgoing Webhooks and select Add Webhook.

  2. Enter the following values for the new webhook:

    • Event: Incident-Triggered

    • Method: POST

    • Content Type: application/json

    • Custom Headers: none

    • To: Your webhook URL copied from Webex

    • Payload:

      { “markdown”:
“:math:`{{ALERT.entity\_display\_name}}<br>`\ {{ALERT.state_message}}” }

  3. Select Save.

(Optional) Only send a notification for alerts directed to a specific routing key 🔗

You can reduce the scope of the outgoing webhook so that it only posts a message in Webex Teams when your specified routing key is present in the Splunk On-Call incident.

To do so, navigate back to the outgoing webhook you created under Integrations, Outgoing Webhooks and edit the webhook:

  1. Navigate to the To field and highlight the random string following https://webexapis.com/v1/webhooks/incoming/.

  2. Copy the random string to your clipboard and replace it with ${{ALERT.webexteams-field}}. For example, https://webexapis.com/v1/webhooks/incoming/${{ALERT.webexteams-field}}.

  3. Save your changes.

  4. Navigate to the alert rules engine under Settings, Alert Rules Engine and select Add Rule.

  5. Specify the routing_key you want to have trigger the message in Webex Teams.

#. Skip down to the Transform these alert fields section and set webexteams-field to the portion of the URL you copied earlier. The following image shows a sample resulting URL:

Fields for configuring Webex notifications

  1. Save the rule.

When the routing key you’ve specified is present on an alert, the rule applies and creates a field called webexteams-field with the URL portion you pasted in as the value.

(Optional) Segment notifications to different Webex Teams 🔗

To segment notifications to different Webex Teams spaces based on the routing key of the alert, follow these steps:

  1. Navigate to the Incoming Webhooks page on the Webex App Hub.

  2. Provide a new webhook name.

  3. Specify the space you want the notification to be sent to.

  4. Select Add.

  5. Copy the resulting webhook URL to the clipboard.

  6. Continue the previous instruction sections specifying the different routing keys you want to send to your Webex Space. Repeat these steps as necessary for all the routing keys and spaces you want to integrate with.

This page was last updated on Feb 08, 2024.