PRTG integration for Splunk On-Call

Configure the PRTG integration for Splunk On-Call.

PRTG Network Monitor is a server up-time and utilization, network monitoring, and bandwidth usage software package for server infrastructure. It can monitor and classify bandwidth usage in a network using SNMP, packet sniffing, and Netflow. The following guide walks you through installing and configuring this integration.

In Splunk On-Call

From the Splunk On-Call web portal, select Integrations.

From the list of integrations options, select the PRTG (webhook) integration option.

On the resulting page, copy the Service API Endpoint to the clipboard. Be sure to replace the "$routing_key" part of this endpoint with the actual routing key you intend to use.

In PRTG Network Monitor

  1. On your server, navigate to C:\Program Files (x86)\PRTG Network Monitor\Notifications\EXE and create a file named prtgtovictorops.ps1. In the file, paste the following code and save the updated file.

    Param( [string]\ :math:`API\_URL,  \[string\]`\ MessageType,
[string]\ :math:`SiteName,  \[string\]`\ Device,
[string]\ :math:`DeviceId,  \[string\]`\ Name,
[string]\ :math:`Status,  \[string\]`\ Down,
[string]\ :math:`DateTime,  \[string\]`\ LinkDevice, [string]$Message )

Add-Type -AssemblyName System.Web.Extensions function ConvertTo-Json
([Object] $value) {
[System.Web.Script.Serialization.JavaScriptSerializer] $jsSerializer =
New-Object ‘System.Web.Script.Serialization.JavaScriptSerializer'
:math:`jsSerializer.Serialize(`\ value) }

function setMessageType ([string]
:math:`inputString) {  If (`\ inputString -like "Up\*") { return
‘recovery' } elseif
(:math:`inputString -like "Down\*")  {  return 'critical'  }  elseif (`\ inputString
-like "Warning\*") { return ‘warning' } else { return ‘info' } }

:math:`postVOAlert = ConvertTo-Json(@{ message\_type = SetMessageType(`\ Status);
entity_id = $DeviceId; entity_display_name = $Device; monitoring_tool =
"PRTG"; site_name =
:math:`SiteName; link\_device = "<`\ (:math:`LinkDevice)|`\ ($Device)
:math:`(`\ Name)>"; status ="\ :math:`(`\ Status) :math:`(`\ Down) on
:math:`(`\ DateTime)"; state_message = $Message; })

[Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12 $postVOAlert \| Out-File -FilePath
vo.log

[System.Net.WebClient] $webclient = New-Object ‘System.Net.WebClient'
$webclient.Headers.Add("Content-Type","application/json")
:math:`webclient.UploadData(`\ API_URL,
[System.Text.Encoding]::UTF8.GetBytes($postVOAlert)) \| Out-File
-FilePath vo.log -Append

  2. From your server's desktop, open PRTG Enterprise Console.The PRTG Enterprise Console desktop icon.

  3. In the PRTG Enterprise Console, select the Setup tab.The

  4. Select Notifications under Account Settings.The

  5. Select Add new notification.A blue button stating

  6. Enter Splunk On-Call Notification in the Notification Name field, then select Always notify ASAP, never summarize for Method.A notification name and summary option.

  7. Scroll down, then select EXECUTE PROGRAM.An empty check box stating

  8. Select Prtgtovictorops.ps1 from the Program File dropdown menu, then paste the following into the Parameter field replacing URL_to_notify with your URL to notify from the In Splunk On-Call section.

    -API_URL 'URL_to_notify' -SiteName '%sitename' -Device '%device'
-DeviceId '%deviceid' -Name '%name' -Status '%status' -Down '%down'
-DateTime '%datetime' -LinkDevice '%linkdevice' -Message '%message'
    The fields of

  9. Enter the credentials for the Windows administrator that originally installed PRTG, then select Save.

    An arrow points to a blue button stating

  10. Select the Test link next to VictorOps Notification.

    An arrow points to a blue button next to the VictorOps Notification stating

  11. Select OK in Notification Test Results.

    A gray button stating

  12. An alert appears in your Splunk On-Call timeline.

  13. Select the Devices tab.

    The

  14. Select the parent PRTG server connection.

    The root PRTG server connection, labelled

  15. Select the Notifications tab.

    The

  16. Select Add State Trigger.

    The Notifications menu. An arrow points to a blue button stating

  17. In this example, the trigger uses the "Warning" sensor state. You can modify these settings or create other triggers for when sensors are "Down" for example, make sure to select VictorOps Notification from the three dropdown menus after perform, then select Save.

    Settings for the alert triggers. You can toggle various fields in this menu. An arrow points to a blue button stating

  18. You have now completed setting up this integration.

Simulate an Alert

You can verify the integration by navigating to one of your sensors, selecting one, and selecting simulate error status. This creates through to Splunk On-Call.

Troubleshooting

Make sure you have the latest version of Powershell running in your PRTG environment for the integration script to work best. You can check which version of Powershell you currently have by running the following command line:

$PSVersionTable.PSVersion

If you have any questions, contact Splunk On-Call support .