Set up Splunk notifications
Prerequisites
- None
Process
- Log in to the orchestrator as root.
- Download the notify_by_splunk script using curl:
curl -sLo /tmp/notify_by_splunk.tar.gz https://downloads.opsview.com/opsview-support/notify_by_splunk.tar.gz
- Install the notify_by_splunk script.
tar -C /opt/opsview/monitoringscripts -x -f /tmp/notify_by_splunk.tar.gz --overwrite
- Log in to the UI and navigate to Configuration > Advanced > Variables.
- Click Add New in the top left of the page and input the following settings:
| Field | Value |
|---|---|
| Name | SPLUNK |
| Label Arg1 | Host |
| Default Arg1 | |
| Label Arg2 | Port |
| Default Arg2 | 8088 |
| Label Arg3 | Token |
| Default Arg3 | |
Tick the Encrypt box for Default Arg3 and leave all non-specified fields empty.
- Click Submit Changes.
- Navigate to Configuration > Users and Notifications > Notification Methods.
- Click Add New in the top left of the page and input the following settings:
| Field | Value |
|---|---|
| Name | Splunk |
| Enable | ✔️ |
| Run on | Orchestrator |
| Command | notify_by_splunk -H '%SPLUNK:1%' -p '%SPLUNK:2%' -t '%SPLUNK:3%' |
Additional command options
The following additional options are available for the Command field:
-I : do not verify SSL certificates (for use with self-signed certificates)
-N : use HTTP instead of HTTPS
-v : write additional information to the log file (this gets noisy on a busy system)
Logging information is saved to /var/log/opsview/opsview.log.
- Click the Test tab, then click Send.
- Click Submit Changes.
- Navigate to Configuration > Users and Notifications > Users and Roles.
- Click Add New in the top left of the page and input the following settings in the User tab:
| Field | Value |
|---|---|
| Name | Splunk |
| Username | splunk |
| Comment | Notifications into Splunk |
| Role | Administrator |
| Set password |
- Switch to the Notification Profiles tab.
- Click Add New and set the following settings:
| Field | Value |
|---|---|
| Profile Name | Splunk |
| Alert me by | Splunk |
- Configure the notification profile to alert on hosts and service checks as desired, then click Update.
- Click Submit Changes.
- Apply Changes.
For version 6.8.7 and earlier:
You can add supplemental text for specific checks by editing the file /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg. If this file does not exist, create it using this command:
cp /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg.in /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg
For version 6.8.8 and later:
You can add supplemental text for specific checks by adding or updating the notify_by_splunk.cfg file. Create this file, either from scratch or by copying the existing content of /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg if it exists, then import it by running the following command as the opsview user:
/opt/opsview/orchestrator/bin/orchestratorimportscripts etc-notifications /path/to/notify_by_splunk.cfg
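The download and install steps above extract an archive as root with --overwrite. The following is an added example, not part of the Opsview documentation or the notify_by_splunk package: shell functions that list the archive first and flag members that would land outside the target directory, link entries, and setuid/setgid files. The function names are hypothetical.

```shell
# Added example: vet the notify_by_splunk archive before extracting it as root.
# Function names are hypothetical; they are not part of Opsview.

# Read member names on stdin; print any that would land outside the
# extraction directory: absolute paths or a ".." path component.
unsafe_members() {
    awk -F/ '
        substr($0, 1, 1) == "/" { print; next }
        { for (i = 1; i <= NF; i++) if ($i == "..") { print; next } }
    '
}

# Read "tar -tv" lines on stdin; print symlink/hard-link entries (type l or h)
# and regular files whose mode string carries a setuid/setgid bit (s or S).
risky_entries() {
    awk '$1 ~ /^[lh]/ || ($1 ~ /^-/ && $1 ~ /[sS]/) { print }'
}

# Return 0 if nothing is flagged, 1 if something is, 2 if the archive is unreadable.
archive_is_clean() {
    archive=$1
    names=$(tar -tzf "$archive") || return 2
    bad=$(printf '%s\n' "$names" | unsafe_members)
    risky=$(tar -tvzf "$archive" | risky_entries)
    if [ -n "$bad" ] || [ -n "$risky" ]; then
        printf 'review before extracting %s:\n%s\n%s\n' "$archive" "$bad" "$risky" >&2
        return 1
    fi
    return 0
}

# On the orchestrator, with the paths from the download and install steps:
#   archive_is_clean /tmp/notify_by_splunk.tar.gz && \
#     tar -C /opt/opsview/monitoringscripts -x -f /tmp/notify_by_splunk.tar.gz --overwrite
```

A flagged entry is a prompt to inspect the listing by hand, not proof that the archive is malicious.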