Panopta integration for Splunk On-Call

Configure the Panopta integration for Splunk On-Call.

This guide walks you through the steps needed to set up the Panopta integration with Splunk On-Call.

Requirements

This integration is compatible with the following versions of Splunk On-Call:

  • Starter

  • Growth

  • Enterprise

Splunk On-Call configuration

  1. In the Splunk On-Call portal, go to Settings > Alert Behavior > Integrations.

  2. Select the Panopta integration.

  3. Copy the service API endpoint URL.

  4. Make sure to add the appropriate routing key to your endpoint URL. See Create Routing Keys in Splunk On-Call.

Panopta configuration

  1. From the Alerting menu in the control panel, select the Integrations tab.

  2. Select the webhooks integration.

  3. Name the integration. Under the Incident Webhook tab, set the request method to POST, and set the postback URL to the Splunk On-Call REST endpoint URL from the previous step.

  4. Select a raw payload as your payload type, then paste the following JSON snippet into the code box:

    {"message_type":"CRITICAL","entity_id":"$name", "state_message":"$items - $reasons","monitoring_tool":"Panopta"}

To also send a recovery message to Splunk On-Call, create a second webhook under the Clear Webhook tab. Give it a name, like Splunk On-Call Recovery. Select POST as your request method, and paste in your Splunk On-Call REST endpoint URL for the Postback URL. Use the following JSON snippet as the payload:

    {"message_type":"RECOVERY","entity_id":"$name", "state_message":"$items - $reasons","monitoring_tool":"Panopta"}
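Added example (not part of the original Splunk or Panopta documentation): a Python check that renders both payload templates from this page with constructed sample values and confirms that they parse as JSON, carry the expected message_type, and share the same entity_id, which Splunk On-Call uses to match a recovery to its open incident. It assumes Panopta fills the $variables by plain text substitution, which Python's string.Template stands in for here; check_pair, render and the sample values are hypothetical names.

```python
import json
from string import Template

# Payload templates copied from this page (Incident and Clear webhooks).
CRITICAL = ('{"message_type":"CRITICAL","entity_id":"$name", '
            '"state_message":"$items - $reasons","monitoring_tool":"Panopta"}')
RECOVERY = ('{"message_type":"RECOVERY","entity_id":"$name", '
            '"state_message":"$items - $reasons","monitoring_tool":"Panopta"}')

REQUIRED = ("message_type", "entity_id", "state_message", "monitoring_tool")


def render(template, values):
    """Fill $variables by plain text substitution (assumption), then parse as JSON."""
    return json.loads(Template(template).substitute(values))


def check_pair(values, critical=CRITICAL, recovery=RECOVERY):
    """Return a list of problems found in one incident/clear webhook pair."""
    problems, bodies = [], {}
    for expected, template in (("CRITICAL", critical), ("RECOVERY", recovery)):
        try:
            body = render(template, values)
        except (KeyError, ValueError) as exc:  # JSONDecodeError is a ValueError
            problems.append(f"{expected}: payload does not render to valid JSON: {exc}")
            continue
        missing = [key for key in REQUIRED if not body.get(key)]
        if missing:
            problems.append(f"{expected}: missing or empty fields {missing}")
        if body.get("message_type") != expected:
            problems.append(f"{expected}: message_type is {body.get('message_type')!r}")
        bodies[expected] = body
    if len(bodies) == 2:
        if bodies["CRITICAL"].get("entity_id") != bodies["RECOVERY"].get("entity_id"):
            problems.append("entity_id differs, so the recovery will not match the incident")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real Panopta output.
    sample = {"name": "web-01", "items": "HTTP check", "reasons": "timeout after 30s"}
    print(check_pair(sample) or "payload pair OK")
    print(json.dumps(render(CRITICAL, sample), indent=2))
```

Run it after editing either template; a value containing a double quote is reported as invalid JSON under the plain-substitution assumption.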