Suresh Kumar Kumaresan
xMatters Actionable Alerts for SPLUNK - Not working in Search Head Cluster
I have installed the "xMatters Actionable Alerts for SPLUNK" app through SPLUNK Deployment server. App was properly installed. I am able to configure the setup. But we are seeing any alerts in xMatters. Whereas it works fine in Standalone SPLUNK search head.
Is there any document for installing for "xMatters Actionable Alerts for SPLUNK" for Splunk Search head cluster.
0
Comments
Please sign in to leave a comment.
Hi Suresh,
Here's a document that may help you: https://help.xmatters.com/integrations/logmgmt/splunk.htm?cshid=Splunk
Happy to continue troubleshooting if this doesn't help.
Thanks!
Hi Suresh,
Just to add onto Mario's note, there is one relevant bit from that article that applies to this situation:
If your Splunk is configured in a clustered environment, make sure you deploy the xMatters app at the deployer level, and not in the Search Head Cluster. See the Splunk documentation for more information on using the deployer to distribute apps.
If memory serves, you can technically set up each individual search head for this configuration but that technically is the deployer's job so that's what you will want to use.
Let us know if you have any questions!
Thanks a lot Mario Guisado and Francois Groulx. This app requires URL and Other credentials. From the deployer server, I can provide all the information in the alerts_actions.conf but I am not sure how to provide the password. Do I have to start with the plain text password in passwords.conf. Would SPLUNK encrypt on restart.
HI Francois Groulx
As suggested, I will try with setting up the app in the individual search head.