StatusCast integration for Splunk On-Call

The StatusCast integration allows you to automatically create and update StatusCast incidents based on Splunk On-Call incidents. The following guide walks you through the setup process.

Requirements

This integration is compatible with the following versions of Splunk On-Call:

  • Enterprise

Set up outgoing webhooks in Splunk On-Call

In Splunk On-Call, navigate to Integrations, Outgoing Webhooks and select Add Webhook. The setup requires 2 separate outgoing webhooks, which you create one at a time.

Outgoing webhook creation dialog

Fill out the following fields:

  • Event: During the setup of the first outgoing webhook, set the field to Incident-Triggered. For the second outgoing webhook, set the field to Incident-Resolved.

  • Method: Set to POST.

  • Content Type: Set to application/json.

  • To: Set to https://<yourapp>.statuscast.com/webhook/victorops. Replace <yourapp> in the URL with your status page name.

  • Payload: Your payload tells StatusCast what resource is affected and what the current status is. For example:

{
   "monitorName": "${{ALERT.monitor_name}}",
   "state": "${{ALERT.entity_state}}"
}

Customize the payload values while preserving the property names listed as required. The monitorName property maps to a corresponding template in StatusCast.

Repeat the previous steps to create another outgoing webhook, this time with an Event value of Incident-Resolved.
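The following pre-flight check for the payload template is an added example, not code from Splunk or StatusCast. It renders the `${{ALERT.…}}` variables against constructed sample alert fields and reports payloads that are not strict JSON, lack the required property names, or contain unresolved variables. The substitution and escaping logic, the function names, and the sample values are assumptions of this sketch, not documented Splunk On-Call behavior.

```python
import json
import re

# Template variables on this page have the form ${{ALERT.monitor_name}}.
VAR = re.compile(r"\$\{\{([A-Za-z_]+)\.([A-Za-z0-9_.\-]+)\}\}")
REQUIRED = ("monitorName", "state")  # property names the page lists as required

def render(template, alert):
    """Substitute ${{ALERT.x}} with JSON-escaped values (escaping is this sketch's assumption)."""
    def sub(m):
        value = alert.get(m.group(2))
        if m.group(1) != "ALERT" or value is None:
            return m.group(0)  # leave unresolved so check() can report it
        return json.dumps(str(value))[1:-1]  # escape quotes/backslashes, drop outer quotes
    return VAR.sub(sub, template)

def check(template, alert):
    """Return a list of problems; an empty list means the payload passed every check."""
    body = render(template, alert)
    problems = [f"unresolved variable {m.group(0)}" for m in VAR.finditer(body)]
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return problems + ["payload must be a JSON object"]
    for key in REQUIRED:
        if not isinstance(doc.get(key), str) or not doc[key]:
            problems.append(f"missing or empty property {key}")
    return problems

# Constructed sample alert fields, not real Splunk On-Call output.
SAMPLE_ALERT = {"monitor_name": 'db "primary" latency', "entity_state": "CRITICAL"}

GOOD = '{"monitorName": "${{ALERT.monitor_name}}", "state": "${{ALERT.entity_state}}"}'
UNQUOTED = '{monitorName: "${{ALERT.monitor_name}}", state: "${{ALERT.entity_state}}"}'
TYPO = '{"monitorName": "${{ALERT.monitor_nam}}", "state": "${{ALERT.entity_state}}"}'

if __name__ == "__main__":
    for name, tpl in (("good", GOOD), ("unquoted keys", UNQUOTED), ("typo", TYPO)):
        print(name, "->", check(tpl, SAMPLE_ALERT) or "ok")
```

Running the check on a template before pasting it into the Payload field catches malformed bodies that a strict JSON parser on the receiving side would reject.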

StatusCast configuration

To complete the setup, configure your StatusCast account by following these steps:

  1. Log into the administrative portal and navigate to the Monitors section. Here you can create an entry for each monitor in your Splunk On-Call account that you want StatusCast to automatically create incidents for.

  2. Select New Monitor and in the Choose Provider menu select Splunk On-Call:

Provider menu
  3. Enter the Alert Name for the monitor. This corresponds to the monitor name that set off an alert.

Alert name field
  4. Enter the Authored by value, which defines who is the author of the incident. If your page is set to hide authors, they remain hidden.

Authored by field

Other incident settings include Type, Affected components, Subject, and Message. They reflect the same general options you get when creating an incident. For more information on this process, see How do I post a new incident or status in the StatusCast official documentation.

With the incident settings filled out, define the workflow of the incident you are posting:

Notify these employees: Select which employees StatusCast notifies when this type of incident gets created. You can select multiple employees.

Wait time: Amount of time StatusCast waits before creating your incident. This is used to buffer out incidents that are resolved in a matter of minutes. If your monitoring service already has this built in, you can set the value to 0, which causes StatusCast to post the incident when it’s received.

Combine alerts: When your monitoring services send out multiple requests, you can choose to combine them to prevent redundant incidents from being reported.

Auto-publish: If selected, your incident is automatically published, which notifies all subscribers. If this option is turned off, your employees need to activate the post manually, either by logging into StatusCast and activating it within the Dashboard or by replying to the notification email.

Auto-close: If selected, your incident is closed when your monitoring service sends an update. By selecting this you can also enter a Closing Comment to be posted.

After you have all the configurations set, select Submit to save the configuration.

This page was last updated on February 8, 2024.