Logz.io integration for Splunk On-Call 🔗
Logz.io provides a cloud-based log analytics service with additional features such as predictive fault detection, alerts, multi-user access and role definitions. The platform uses machine-learning algorithms to find critical log events before they impact operations, providing users with information about their systems and applications. The following guide will walk you through this integration.
In Splunk On-Call 🔗
In Splunk On-Call, navigate to Settings, then Alert Behavior.
Select Integrations, then the REST integration option.
If the REST endpoint integration has not been enabled, select the green Enable button to generate your endpoint destination URL.
Copy the URL to notify to the clipboard.
In Logz.io 🔗
From the Logz.io web interface, click on Alerts.
Select ALERT ENDPOINTS.
Select Create a New Endpoint.
In the ADD A NEW ENDPOINT form, select the Custom type.
Fill out the Name and Description fields.
Paste the URL to notify from the In VictorOps` section into the URL field.
Select POST for the Method.
Finally, paste the text below into the Body` field, then Save.
{ “message_type”: “CRITICAL”, “entity_id”: “{{alert_title}}”, “entity_display_name”: “{{alert_description}}”, “alert_severity”: “{{alert_severity}}”, “state_message”: “{{alert_event_samples}}”, “monitoring_tool”: “Logz.io” }
Click on logz.io logo to return to the main tab.
You can now add the Splunk On-Call notification endpoint to your alerts. In order to test the notification endpoint, click on Create Alert.
Select Equal to from the Condition` dropdown menu. Enter 99 in the Threshold field, then select Continue.
Enter a name in the Name field, then click CONTINUE.
Set Suppress notifications for to 5 minutes, then select SplunSplunk On-Call (formerly VictorOps) from the Notifications endpoint dropdown menu, then click CREATE ALERT.
Confirm that an alert shows up in the Splunk On-Call timeline.
You have completed setting up this integration.