HP SiteScope integration for Splunk On-Call π
SiteScope monitors more than 100 different target types for critical health and performance characteristics. You can also extend your monitoring environment by creating your own monitor types and customizing existing monitors. The following guide walks you through this integration.
Requirements π
This integration is compatible with the following versions of Splunk On-Call:
Starter
Growth
Enterprise
Splunk On-Call configuration π
From the Splunk On-Call web portal, select Integrations. From the resulting list of integration options, select HP SiteScope.
Copy the Service Email to the clipboard. Make sure to replace the $routing_key section with the routing key you want to use. See Create Routing Keys in Splunk On-Call.
HP SiteScope configuration π
On the SiteScope server, add 3 files with the following names and contents in the templates.mail directory.
Filename: Splunk On-Call_CRITICAL
[Subject: <siteScopeHost>/<groupID>/<name>/<alert::name> CRITICAL]
This alert is from SiteScope at <newSiteScopeURL>
Monitor: <groupID>:<name>
Tags: <tag>
Group: <group>
Status: <state>
Sample #: <sample>
Time: <time>
---------------------- Detail ----------------------
<mainParameters>
<mainStateProperties>
Filename: Splunk On-Call_WARNING
[Subject: <siteScopeHost>/<groupID>/<name>/<alert::name> WARNING]
This alert is from SiteScope at <newSiteScopeURL>
Monitor: <groupID>:<name>
Tags: <tag>
Group: <group>
Status: <state>
Sample #: <sample>
Time: <time>
---------------------- Detail ----------------------
<mainParameters>
<mainStateProperties>
Filename: Splunk On-Call_RECOVERY
[Subject: <siteScopeHost>/<groupID>/<name>/<alert::name> RECOVERY]
This alert is from SiteScope at <newSiteScopeURL>
Monitor: <groupID>:<name>
Tags: <tag>
Group: <group>
Status: <state>
Sample #: <sample>
Time: <time>
---------------------- Detail ----------------------
<mainParameters>
<mainStateProperties>
Configure alert action π
From the HP SiteScope web interface, right-click on the context tree, then select New, Alert.
Enter Splunk On-Call in the Name field and Splunk On-Call Alerts in the Alert description field.
Check SiteScope in the guilabel:Alert Targets section. In the Alert Actions section, select New Alert Action.
Select Email in the Action Type list.
Enter Error Action in the Action name field. Paste the email address into the Addresses field.
Select Splunk On-Call_CRITICAL from the template menu and Error in the status trigger section, then select OK.
Configure warning action π
In the Alert Actions section, select New Alert Action.
Select Email in the Action Type list.
Enter Warning Action in the Action name field. Paste the email address into the Addresses field.
Select Splunk On-Call_WARNING from the template menu and Warning in the Status Trigger section, then select OK.
Configure recovery action π
In the Alert Actions section, select New Alert Action.
Select Email in the Action Type list.
Enter Recovery Action in the Action name field. Paste the email address into the Addresses field.
Select Splunk On-Call_RECOVERY from the template menu, then check Mark this action to close alert.
Select Good in the Status Trigger section, then select OK.
Select OK.
Test the integration π
Select Splunk On-Call from the alert list, then select Test.
Select OK.
You should see a confirmation that the email alerts were successfully sent to your Splunk On-Call email address. Select OK to confirm.
Alerts now appear in your Splunk On-Call timeline.