We want to get the following data into Splunk so that we can create our own dashboards, and I thought maybe creating an integration myself that streams the data via HEC would be ideal. Or even route back to xMatters for alerts if there are errors in the integration.
- Integration logs
- Event logs
- On-call schedule
- tbd maybe more later on
I won't know what's ideal (push or pull) until I do some testing. Either create an app on Splunk's end to pull, or a communication plan to push. My main question would be:
How would you trigger a communication plan for ANY new event without getting all events?
I know there's a from/to for /events, but is there a "latest", or would I maybe need to create an "outbound" integration for all existing communication plans to trigger this comm plan?
Just spitballing ideas
I saw this:
Which gave me some good ideas, but wanted to check in with the community to see if anyone already did this (less work for me :D). Or if anyone has played around with doing this in a communication plan.
Any suggestions would be much appreciated.
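One way to answer the "latest" question from the pull side, as an added example that is not part of the original post and not xMatters' or Splunk's own code: keep a checkpoint (the newest `created` timestamp already forwarded, plus the event ids seen at that exact timestamp so same-second ties are neither dropped nor double-sent), use it as the `from` value on the next /events call, and forward only what is new to Splunk HEC as newline-delimited JSON. The event field names (`eventId`, `created`) and the timestamp format are assumptions for illustration, as is the sample data, which is constructed here; the HEC endpoint path and `Authorization: Splunk <token>` header are the standard HEC conventions.

```python
"""
Incremental pull of xMatters events with a checkpoint, forwarded to Splunk HEC.
Added example; not code from the original post, xMatters, or Splunk.
Assumed (hypothetical) event shape: {"eventId": str, "created": ISO-8601 UTC}.
"""
import json
import urllib.request
from datetime import datetime, timezone

# Constructed sample of what one page of GET /events might return (field names assumed).
SAMPLE_EVENTS = [
    {"eventId": "1001", "created": "2024-01-15T10:00:00.000Z", "status": "ACTIVE", "priority": "HIGH"},
    {"eventId": "1002", "created": "2024-01-15T10:05:00.000Z", "status": "TERMINATED", "priority": "LOW"},
    {"eventId": "1003", "created": "2024-01-15T10:05:00.000Z", "status": "ACTIVE", "priority": "MEDIUM"},
]


def parse_ts(ts):
    """Parse the assumed ISO-8601 'created' value into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def select_new_events(events, checkpoint_ts, seen_ids):
    """Return (new_events, new_checkpoint_ts, ids_seen_at_new_checkpoint).

    An event is new if it was created after the checkpoint, or at the same
    instant as the checkpoint but with an id not forwarded last run. Using
    ids at the boundary avoids both gaps and duplicates when several events
    share a timestamp.
    """
    new = []
    for ev in sorted(events, key=lambda e: (parse_ts(e["created"]), e["eventId"])):
        created = parse_ts(ev["created"])
        if checkpoint_ts is not None and created < checkpoint_ts:
            continue
        if created == checkpoint_ts and ev["eventId"] in seen_ids:
            continue
        new.append(ev)
    if not new:
        return [], checkpoint_ts, seen_ids
    latest = max(parse_ts(e["created"]) for e in new)
    ids_at_latest = {e["eventId"] for e in new if parse_ts(e["created"]) == latest}
    if latest == checkpoint_ts:
        ids_at_latest |= seen_ids  # still on the same boundary instant: keep earlier ids
    return new, latest, ids_at_latest


def next_query_params(checkpoint_ts):
    """Build the 'from' parameter for the next /events poll (value format assumed)."""
    if checkpoint_ts is None:
        return {}
    return {"from": checkpoint_ts.strftime("%Y-%m-%dT%H:%M:%S.000Z")}


def build_hec_batch(events, sourcetype="xmatters:event"):
    """HEC accepts newline-delimited JSON objects; 'time' keeps the original event time."""
    lines = []
    for ev in events:
        lines.append(json.dumps({
            "time": parse_ts(ev["created"]).timestamp(),
            "sourcetype": sourcetype,
            "event": ev,
        }))
    return "\n".join(lines)


def push_to_hec(hec_url, token, payload):
    """POST the batch to e.g. https://splunk.example:8088/services/collector/event.
    Network call; not exercised offline."""
    req = urllib.request.Request(
        hec_url, data=payload.encode("utf-8"), method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # First poll: everything is new; the checkpoint moves to the newest 'created'.
    new, cp, seen = select_new_events(SAMPLE_EVENTS, None, set())
    print(len(new), "new events; next query:", next_query_params(cp))
    # Second poll over the same page: nothing is forwarded twice.
    again, _, _ = select_new_events(SAMPLE_EVENTS, cp, seen)
    print(len(again), "new events on re-poll")
```

Persist the checkpoint and the boundary id set between runs (a small file or a Splunk KV store entry is enough); that persisted state is what a "latest" endpoint would otherwise have to provide. If a push design is chosen instead, the same `build_hec_batch` payload shape applies, with the checkpoint logic no longer needed.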