This section details the configuration that needs to be carried out in Splunk for the integration to function correctly.
The first step to integrating Halo with Splunk is to create at least one alert within the search and reporting app. To do this, complete a search in Splunk, and then click the Save As > Alert option in the top right corner of the screen.
You will then be able to configure your alert as you require.
Once you have an alert created in Splunk that you would like to automatically generate tickets from, edit the alert and under "Trigger Actions", select Add Actions > Webhook. In the URL option, enter your Halo API URL followed by /notify. If you’re unsure of what this URL should be, it can be found in the Splunk integration configuration screen within Halo, shown a little further on in this guide.
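To check what an alert will send before pointing its webhook at Halo, the following added example (not part of the original guide and not Halo's own code) parses the JSON body that Splunk's webhook action posts and flags missing fields or a results_link that does not point at your Splunk host over HTTPS. The function name, the sample payload and the host names are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Fields Splunk's webhook alert action includes in its JSON POST body.
REQUIRED_FIELDS = ("sid", "search_name", "app", "owner", "results_link", "result")

# Constructed sample payload; every value here is a placeholder.
SAMPLE_BODY = json.dumps({
    "sid": "scheduler__admin__search__example_at_1700000000_1",
    "search_name": "Failed logins over threshold",
    "app": "search",
    "owner": "admin",
    "results_link": "https://splunk.example.com:8000/app/search/@go?sid=example",
    "result": {"user": "jdoe", "count": "27"},
}).encode()


def summarize_alert(body: bytes, expected_splunk_host: str) -> dict:
    """Parse a webhook body and list problems worth fixing before go-live."""
    try:
        payload = json.loads(body)
    except ValueError as exc:  # covers invalid JSON and undecodable bytes
        return {"ok": False, "problems": [f"body is not valid JSON: {exc}"]}
    if not isinstance(payload, dict):
        return {"ok": False, "problems": ["body is not a JSON object"]}

    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS
                if name not in payload]

    # The results link is what a ticket reader will open in a browser, so it
    # should use HTTPS and resolve to the Splunk host you expect.
    link = urlsplit(str(payload.get("results_link", "")))
    if link.scheme != "https":
        problems.append("results_link is not https")
    if link.hostname != expected_splunk_host:
        problems.append(f"results_link host is {link.hostname!r}, "
                        f"expected {expected_splunk_host!r}")

    result = payload.get("result")
    return {
        "ok": not problems,
        "search_name": payload.get("search_name"),
        "sid": payload.get("sid"),
        "result_fields": sorted(result) if isinstance(result, dict) else [],
        "problems": problems,
    }


if __name__ == "__main__":
    print(summarize_alert(SAMPLE_BODY, "splunk.example.com"))
```
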
This section details the work that needs to be carried out in Halo in order to make the Splunk integration work.
To enable the Splunk integration in Halo, go to Configuration > Integrations, and enable the module. Once the module has been enabled, click the menu icon for the module to begin configuring it.
Initially, you will see some text detailing the URL that needs to be used when configuring your Webhooks in Splunk.
After this, there are two options. The first is the ticket type that new tickets are created with when Halo receives alerts from Splunk. The second is the end user that new tickets created from Splunk alerts are assigned to.
Once the integration has been configured, and a new ticket has been created from a Splunk alert, it is possible to load the results of the Splunk Search that raised the alert from the ticket. If you open any ticket created from a Splunk alert, under "Ticket Details" you will see an option for Splunk search results:
Clicking the “view results” hyperlink will open up Splunk in a new tab directly on the results page of the corresponding search that raised the alert.