xMatters logs and reports to Splunk

We want to get the following data into Splunk so that we can create our own dashboards, and I thought maybe creating an integration myself that streams the data via HEC would be ideal. Or even route back to xMatters for alerts if there are errors in the integration.

  • Integration logs
  • Event logs
  • On-call schedule
  • TBD, maybe more later on

I won't know what's ideal (push or pull) until I do some testing. Either create an app on Splunk's end to pull or a communication plan to push. My main question would be:

How would you trigger a communication plan for ANY new event without getting all events?

I know there's a from/to for /events, but is there a "latest", or would I maybe need to create an "outbound" integration for all existing communication plans to trigger this complan?

Just spitballing ideas.

I saw this:

https://support.xmatters.com/hc/en-us/community/posts/360042651731-Get-xMatters-event-data-into-Splunk?input_string=xMatters%20logs%20and%20reports%20to%20Splunk

Which gave me some good ideas, but I wanted to check in with the community to see if anyone has already done this (less work for me :D), or if anyone has played around with doing this in a communication plan.

Any suggestions would be much appreciated.