xMatters logs and reports to Splunk

We want to get the following data into Splunk so that we can create our own dashboards, and I thought maybe creating an integration myself that streams the data via HEC would be ideal. Or even route back to xMatters for alerts if there are errors in the integration.

  • Integration logs
  • Event logs
  • On-call schedule
  • tbd maybe more later on

I won't know what's ideal (push or pull) until I do some testing. Either create an app on Splunk's end to pull or a communication plan to push. My main question would be:

How would you trigger a communication plan for ANY new event without getting all events?

I know there's a from/to for /events, but is there a "latest", or would I maybe need to create an "outbound" integration for all existing communication plans to trigger this complan?

Just spitballing ideas


I saw this:


Which gave me some good ideas, but wanted to check in with the community to see if anyone already did this (less work for me :D). Or if anyone has played around with doing this in a communication plan.


Any suggestions would be much appreciated.



