This document describes how to integrate Splunk Enterprise with WatchMyDC. Splunk Enterprise version 126.96.36.199 (build e40ea5a516d2) was used when writing this document.
- The Splunk app for the WatchMyDC integration, named WatchMyDC Notifier, is required. Download it from the WatchMyDC Dashboard or from the URL below and save the package locally: https://webhook-packages.s3.eu-west-1.amazonaws.com/splunk-wmdc-notifier+v0.0.1.tar.gz
- The WatchMyDC Collector status must be 'online', and the following information is needed from the WatchMyDC Dashboard:
- Organization ID
- Collector IP Address
- TCP/UDP port 5050 must be open from the Splunk Enterprise server to the WatchMyDC Collector if any firewall sits between them. Splunk is the initiator of the webhook, so only an outbound rule from Splunk to the collector on 5050 is required; no inbound port needs to be opened towards Splunk.
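Before installing the app it is worth confirming that the path to the collector is actually open. The following check is an added example written for this guide, not code from WatchMyDC or Splunk: run it on the Splunk Enterprise server against the collector IP taken from the Dashboard. It distinguishes a connection refused (host reached, nothing listening) from a timeout (typically a firewall dropping the packets). The collector IP is an assumed placeholder; the self-check uses an ephemeral loopback listener so the script runs offline.

```python
import socket
import sys
from typing import Tuple

# Port named in the integration guide for the WatchMyDC Collector webhook receiver.
WATCHMYDC_COLLECTOR_PORT = 5050


def check_collector_port(host: str, port: int = WATCHMYDC_COLLECTOR_PORT,
                         timeout: float = 3.0) -> Tuple[bool, str]:
    """Attempt a TCP connect from this host to the collector.

    Returns (reachable, detail). A timeout usually means a firewall is silently
    dropping traffic; a refused connection means the host is reachable but no
    collector is listening on that port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, f"TCP {host}:{port} reachable"
    except socket.timeout:
        return False, f"TCP {host}:{port} timed out (filtered by a firewall?)"
    except OSError as exc:
        return False, f"TCP {host}:{port} failed: {exc}"


def self_check() -> bool:
    """Prove the check works without network access: bind an ephemeral listener
    on loopback, confirm it is reported reachable, close it, and confirm the
    same port is then reported closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        reachable, _ = check_collector_port("127.0.0.1", port)
    # The listener is gone now, so the connect must fail.
    still_open, _ = check_collector_port("127.0.0.1", port)
    return reachable and not still_open


if __name__ == "__main__":
    # Usage: python check_collector.py <collector-ip>   (IP is an assumed placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    ok, detail = check_collector_port(target)
    print(detail)
    print("self-check:", "ok" if self_check() else "FAILED")
    sys.exit(0 if ok else 1)
```

The check covers TCP only; UDP is connectionless, so a UDP path can only be confirmed by watching for the datagram on the collector side.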
- Log in to the WatchMyDC Dashboard and select the required Site and Data Center
- Navigate to Configuration Center, then the App Synchronization page
- Click Splunk, then click to generate the Webhook Secret and copy the key. Treat the key as a credential: it is what lets the collector trust messages coming from Splunk, so keep it out of tickets and chat.
Splunk Enterprise UI
- Log in to Splunk Enterprise and click the App settings icon
- Click 'Install app from file'
- Browse to the downloaded WatchMyDC Notifier package (.tar.gz) and upload it
- WatchMyDC Notifier now appears in the Apps list
- Click Set up
- Set the following parameters in the required fields:
- WatchMyDC Collector Webhook Receiver: <collector IP>:5050
- Organization ID: your Organization ID, found under Organization Settings or Configuration Center > Collector
- Webhook Secret: the key generated on the App Synchronization page above
- Click Permissions and set the required permissions. In this document Read/Write is granted to Everyone; in production, restrict Write to the admin role so that only administrators can change the collector address or the Webhook Secret.
- The following example shows how to create a trigger action in Splunk. An Apache server on Unix with a Splunk Universal Forwarder has been set up to forward Apache error logs to the Splunk indexer.
- Open the Splunk Search & Reporting app
- Run a search; the example below looks for Apache 'shutting down' events. Save it with Save As > Alert so that it runs on a schedule and can trigger actions:
index="10-23_os_log" sourcetype=apache_log shutting
- Under Trigger Actions, add WatchMyDC Notifier as the action for this alert, as shown in the screenshot below:
- As soon as the alert fires in Splunk, it sends a webhook message to WatchMyDC. The image below is from Splunk Enterprise:
- The message then appears in WatchMyDC:
- From Action Center, the user can create an Alert Definition in WatchMyDC that runs Automation playbooks on these messages.
A detailed demonstration video will be published soon.
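The search `index="10-23_os_log" sourcetype=apache_log shutting` fires on any event in that index whose raw text contains the term "shutting" (Splunk matches terms case-insensitively). The following added example, written for this guide and not part of WatchMyDC's or Splunk's code, reproduces that matching offline in Python over a few constructed Apache 2.4 error-log lines, so you can see which events the alert would hand to the notifier before wiring up the action. The log lines and the index name are constructed sample data.

```python
import re
from typing import Dict, List

# Constructed sample events in Apache 2.4 error-log format (not real data).
# Only the third line contains the term the saved search looks for.
SAMPLE_APACHE_ERROR_LOG = """\
[Sun Oct 23 10:14:02.118342 2022] [mpm_prefork:notice] [pid 1207] AH00163: Apache/2.4.54 (Unix) configured -- resuming normal operations
[Sun Oct 23 10:14:02.118911 2022] [core:notice] [pid 1207] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Oct 23 10:22:47.503119 2022] [mpm_prefork:notice] [pid 1207] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Oct 23 10:22:48.001004 2022] [core:warn] [pid 1207] AH00045: child process 1210 still did not exit, sending a SIGTERM
"""

# Apache 2.4 error-log line layout: [timestamp] [module:level] [pid N] message
ERROR_LOG_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\] "
    r"\[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)\] "
    r"(?P<message>.*)$"
)


def parse_apache_error_log(text: str) -> List[Dict[str, str]]:
    """Split the log into events, keeping the raw line plus the parsed fields.
    Lines that do not match the format are kept as raw-only events, because
    Splunk would still index and term-search them."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = {"raw": line}
        m = ERROR_LOG_RE.match(line)
        if m:
            event.update(m.groupdict())
        events.append(event)
    return events


def search_term(events: List[Dict[str, str]], term: str) -> List[Dict[str, str]]:
    """Equivalent of a bare term in the Splunk search bar: match the term
    case-insensitively anywhere in the raw event text."""
    needle = term.lower()
    return [e for e in events if needle in e["raw"].lower()]


def alert_summary(hits: List[Dict[str, str]]) -> Dict[str, object]:
    """Shape of what a trigger action would receive: result count plus the
    fields of the matching events (field names are this example's own)."""
    return {
        "result_count": len(hits),
        "pids": sorted({h.get("pid", "?") for h in hits}),
        "messages": [h.get("message", h["raw"]) for h in hits],
    }


if __name__ == "__main__":
    events = parse_apache_error_log(SAMPLE_APACHE_ERROR_LOG)
    hits = search_term(events, "shutting")
    print(alert_summary(hits))
```

When saving the search as an alert, set the trigger condition to "number of results is greater than 0" so the action fires once per matching batch; a scheduled search that returns no results does not call the notifier.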