Splunk

URL: https://d3boqi1zs4oa8r.cloudfront.net/

To set up and configure Splunk , follow the instructions by expanding the headings below.

Run the following commands in sequence to download, install, and start a Splunk server.

  1. Run wget -O splunk-8.2.6-a6fe1ee8894b-linux-2.6-amd64.deb "https://download.splunk.com/products/splunk/releases/8.2.6/linux/splunk-8.2.6-a6fe1ee8894b-linux- 2.6-amd64.deb.

  2. Run sudo dpkg -i splunk-8.2.6-a6fe1ee8894b-linux-2.6-amd64.deb

  3. Accept the license agreement and set the Splunk server credentials.

  4. Run sudo /opt/splunk/bin/splunk start.

  5. Check whether the server status is running using the command sudo /opt/splunk/bin/splunk status.

  6. Stop the splunk server using the command sudo /opt/splunk/bin/splunk stop.

  7. Navigate to the browser and enter the IP address with port number, then enter your credentials.

    Splunk Enterprise login page showing username and password fields.

    Splunk Enterprise dashboard showing apps and data exploration options.

  1. Navigate to the IT CM page and click on the IT Services tab.

  2. Click New Service. The Add IT Services page opens.

  3. Follow the steps in Add IT Processes and Services for more information.

  1. Navigate to the IT CM page and click the IT Processes tab.

  2. Click New Process. The Add IT Process dialog opens.

    Add IT Process page showing process details and thresholds configuration.

  3. Follow the steps in Add IT Processes and Services for more information.

  1. Navigate to the Staff Scheduling page.

  2. Click + next to Calendars to create a new calendar. The New Calendar dialog opens.

  3. Follow the steps in Create a Calendar for more information.

  1. Navigate to the Contacts page and click on the Groups tab.

  2. Click Add Group. The New Group page opens.

  3. Follow the steps in Create a Contact Group for more information.

  1. Click on the service that has been generated. The service details page opens.

  2. Click Create Integration. The Integration dialog opens.

  3. Enter the integration name and specify the integration type as Integrate Via App.

  4. Select the application name, in this case, Splunk.

  5. Click Save. The service integration URL and key are automatically created.

  6. Copy the integration URL to use in the steps in Set up Splunk webhooks.

  1. Navigate to the Splunk server using the using IP address.

  2. Navigate to Search & Reporting > add search on any index.

  3. Click Save As and select Alert from the menu.

    Splunk Search & Reporting page showing Save As menu with Alert option.

  4. Enter the details and paste the integration webhook URL you copied during the steps in Create integration in Juvare ARC into the URL field.

    Save As Alert dialog showing webhook URL configuration.

  5. You can see the created alerts under Settings > Searches, Reports and Alerts.

    Searches, Reports, and Alerts page showing created alerts list.

  6. In Juvare ARC, you can now see the notification of alerts in the Alerts tab of the IT Event Management page.

Rules are created for filtering payload data.

  1. Navigate to the IT CM page and click on the IT Services tab.

  2. Click on any service. The Service Details page opens.

  3. Click the Rule Set tab under Settings then click Create Rule Set.

  4. Follow the steps for creating rule sets given in Add IT Processes and Services.

    Create Rule Set page showing integration selection and payload configuration for Splunk.

Related Concepts

IT Event Management

Related Tasks

Add IT Event Integrations