Splunk On-Call (formerly VictorOps) is incident management software that allows engineering and operations teams to work together, solve problems faster, and continuously improve in high-velocity deployment environments. StatusHub is built to communicate about issues and incidents to your users and customers. Linking these two systems allows your technical team to take advantage of automation and save valuable time. Their time is even more precious during unexpected incidents.
About Splunk On-Call
Splunk On-Call provides a unified platform for real-time awareness, alerts, collaboration, and documentation. The company offers observability, collaboration, and timely alerts so you can build, deploy, and operate software fearlessly.
STATUSHUB AND SPLUNK ON-CALL INTEGRATION OVERVIEW
Splunk On-Call is a hub for centralizing the flow of information throughout the incident lifecycle. The company aggregates data from multiple monitoring tools. StatusHub will establish a secure connection between your Splunk On-Call account and your StatusHub account. When Splunk On-Call identifies an incident in your system, it will send the information to your StatusHub. When StatusHub detects an issue, it will then automatically create an incident report and post it to your StatusHub, which saves your technical team valuable time and resources.
Your technical team now has time to investigate and, ideally, resolve the detected problem quickly. And they can do so with the peace of mind of knowing that your customers and users have already been informed.
Technical Overview of Splunk On-Call Integration with StatusHub
Because Splunk On-Call integration is done through a URL with a service token, it’s a one-to-many association. A single Splunk On-Call webhook can’t create incidents on multiple StatusHub services.
Splunk On-Call integration can only create incidents in StatusHub. It can’t create maintenance events.
The initial StatusHub incident status will always be “investigating”.
When the issue is resolved, Splunk On-Call will close the incident in StatusHub by setting incident status to “resolved”.
Service statuses will be set based on the “ALERT.alerttype” or “alerttype” parameters sent by Splunk On-Call. Value mapping is as follows:
CRITICAL -> “red”
WARNING -> “yellow”
RECOVERY -> “green”
The incident title will be set to either the “ALERT.entitydisplayname” or “entitydisplayname” parameter from the Splunk On-Call payload.
The incident update message will be set to either the “ALERT.statemessage” or “statemessage” parameter from the Splunk On-Call payload.
Please note that because this integration uses Splunk On-Call Transmogrifier, it will not work with manually created incidents or incidents created via the Splunk On-Call General API, as those will not trigger Splunk On-Call Transmogrifier processing. An example of an integration that works is the REST Integration.
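The field mapping described above, modeled as an added example (not StatusHub or Splunk On-Call code). The output field names, the preference for the “ALERT.”-prefixed key when both are present, the treatment of a RECOVERY alert as the event that resolves the incident, and the sample payloads are assumptions made for illustration.

```python
# Added illustration of the mapping described in the technical overview.
# Output field names are hypothetical; they are not StatusHub's API.

SERVICE_STATUS = {"CRITICAL": "red", "WARNING": "yellow", "RECOVERY": "green"}


def pick(payload, name):
    """Return the 'ALERT.<name>' value if set, else the bare '<name>' value.

    Assumption: the prefixed key wins when both are present.
    """
    for key in ("ALERT." + name, name):
        value = payload.get(key)
        if isinstance(value, str) and value.strip():
            return value.strip()
    return None


def map_alert(payload):
    """Translate one Splunk On-Call payload into incident fields.

    Raises ValueError for payloads the described mapping does not cover.
    """
    alert_type = pick(payload, "alerttype")
    if alert_type not in SERVICE_STATUS:
        raise ValueError("missing or unmapped alerttype: %r" % (alert_type,))
    title = pick(payload, "entitydisplayname")
    if title is None:
        raise ValueError("payload has no entitydisplayname")
    return {
        "title": title,
        "message": pick(payload, "statemessage") or "",
        "service_status": SERVICE_STATUS[alert_type],
        # Assumption: a RECOVERY alert is what closes the incident.
        "incident_status": "resolved" if alert_type == "RECOVERY" else "investigating",
    }


# Constructed sample payloads (not captured from a real account).
SAMPLE_OPEN = {
    "ALERT.alerttype": "CRITICAL",
    "ALERT.entitydisplayname": "API latency above threshold",
    "ALERT.statemessage": "p95 latency 4.2s on api-gateway",
}
SAMPLE_CLOSE = {
    "alerttype": "RECOVERY",
    "entitydisplayname": "API latency above threshold",
    "statemessage": "Latency back to normal",
}
```

Because the title and update message are copied from the alert payload onto the status page, this mapping also shows which alert fields end up visible to customers.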