Solved: How does integration work between OpsGenie and Spl...

danillopavan · ‎10-23-2017

Hello all,

I am creating some alerts and including as action the integration with OpsGenie interface.

The alerts are being generated succesfully, however I would like to customize the SMS and email texts.

I would like to understand how the integration works: I need to pass some variables to the integrations (iike results)? How the OpsGenie interface can read my alerts results to show better the information?

Thanks and regards,
Danillo Pavan

bcelenk · ‎11-01-2017

Disclaimer: I'm an employee at OpsGenie 🙂

OpsGenie's custom alert action retrieves the raw payload from the Splunk and parses your data to construct rich and informative alerts. You can use dynamic fields to customize alert properties, as well as alert conditions.

Regarding your question, we acquire the data using a similar method to Splunk's Webhook alert action. If you want to develop your own custom action, this document might be helpful:https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/AdvancedDev/CustomAlertConvertScripted

Detailed information could be found in our Splunk Integration:https://docs.opsgenie.com/docs/splunk-integration

Sincerely,
Bener

View solution in original post

joshva0894 · ‎02-20-2020

Hi @danillopavan

Could you please let me know, How did you integrated Opsgenie with Splunk ??

I couldn't able to paste the API key in Splunk, which i got from Genie

Hope a quick response

bcelenk · ‎11-01-2017

Disclaimer: I'm an employee at OpsGenie 🙂

OpsGenie's custom alert action retrieves the raw payload from the Splunk and parses your data to construct rich and informative alerts. You can use dynamic fields to customize alert properties, as well as alert conditions.

Regarding your question, we acquire the data using a similar method to Splunk's Webhook alert action. If you want to develop your own custom action, this document might be helpful:https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/AdvancedDev/CustomAlertConvertScripted

Detailed information could be found in our Splunk Integration:https://docs.opsgenie.com/docs/splunk-integration

Sincerely,
Bener

danillopavan · ‎11-01-2017

Hello bcelenk,

Thanks for your information. I have already created a customized alert to be sent by OpsGenie app. I have used the JSON structure to get the values of the result object. Just as tip to see the JSON structure sent by SPLUNK, go to LOGs are in OpsGenie site, and look for the Splunk integration log (called as Received integration Request). There you can find the JSON structure sent by SPLUNK and get the fields names (under Object>_IncomingData>_httpBodyJson>_configuration>_result
To configure just create an new integration in Advanced mode and input your values in the Alert Fields.
Just a problem that I noted, even my Splunk alert search bring more than 1 raw in result, the JSON structure just show the first line of the result. Not sure if this is an issue or if I didnt know how to use it 😞
Thanks!

bcelenk · ‎11-01-2017

Hi danillopavan,
While configuring the OpsGenie as your custom trigger action: Please select Per-Result which is located under Trigger Conditions. After setting the trigger condition as mentioned, you could view each result's data in their own alert. You may find more information about this in the answer: https://answers.splunk.com/answers/373469/how-to-get-splunk-webhook-alert-actions-to-send-en.html

How does integration work between OpsGenie and Splunk? How does the OpsGenie interface read alerts?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms