I would like some guidance on creating a ticket in an in-house ticketing system when an alert is raised from Splunk.
Are there any links to documentation that would help me towards this please?
I have just come across an alert similar to the one below, which creates a ticket in an internal ticketing system, but I am unsure if this is using a webhook - "raiseticket ticket_processname=Prod_Support"
index="indexName" a=ServiceName "Total Attempts Exceeded"
| stats count
| where count > 0
| eval Operational_Guide="https://www.docs.com"
| table count,Operational_Guide
| raiseticket ticket_processname=Prod_Support urgency=1 ticket_title=Splunk_Alert:ServiceName_Total_Attempts_Exceeded email_to="support@company.com" email_attachment_filename_prefix=Splunk_result
That's a lot to ask for, and you'd do better to narrow it down. Splunk supports outbound webhooks; a webhook-based ticketing system is probably the best start. Good luck.
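As an added example (not part of the original thread, and not code from Splunk or any ticketing product), here is the receiving side of the webhook approach: a function that authenticates and validates the JSON body posted by Splunk's webhook alert action and maps it to a ticket record. The shared token in the webhook URL, the size limit, the sample payload values and the ticket field names are all assumptions made for illustration.

```python
import hmac
import json

# Constructed sample of the JSON body a Splunk webhook alert action POSTs.
SAMPLE_BODY = json.dumps({
    "sid": "scheduler__admin__search__example_at_1700000000_1",
    "search_name": "ServiceName_Total_Attempts_Exceeded",
    "app": "search",
    "owner": "admin",
    "results_link": "https://splunk.example.com:8000/app/search/@go?sid=example",
    "result": {"count": "3", "Operational_Guide": "https://www.docs.com"},
}).encode()

# Assumption: the receiver authenticates the sender with a secret token
# carried in the webhook URL (e.g. /hooks/<token>), checked over TLS.
SHARED_TOKEN = "constructed-token-change-me"
MAX_BODY = 64 * 1024  # assumed upper bound for one alert payload


def _clean(value, limit):
    """Drop non-printable characters and cap the length of untrusted text."""
    return "".join(c for c in str(value) if c.isprintable())[:limit]


def build_ticket(body: bytes, presented_token: str) -> dict:
    """Validate a webhook POST and return a ticket dict (hypothetical schema)."""
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(presented_token.encode(), SHARED_TOKEN.encode()):
        raise PermissionError("bad webhook token")
    if len(body) > MAX_BODY:
        raise ValueError("payload too large")
    payload = json.loads(body)  # malformed JSON raises ValueError
    if not isinstance(payload, dict):
        raise ValueError("payload must be a JSON object")
    name, result = payload.get("search_name"), payload.get("result")
    if not isinstance(name, str) or not isinstance(result, dict):
        raise ValueError("missing search_name or result")
    link = payload.get("results_link")
    return {
        "process": "Prod_Support",  # fixed server-side, never taken from the payload
        "urgency": 1,
        "title": "Splunk_Alert:" + _clean(name, 120),
        "details": {_clean(k, 64): _clean(v, 500) for k, v in result.items()},
        "link": _clean(link, 500) if isinstance(link, str) else None,
    }


if __name__ == "__main__":
    print(build_ticket(SAMPLE_BODY, SHARED_TOKEN))
```

The routing fields (process, urgency) are set by the receiver rather than read from the request, so a forged or tampered alert cannot choose which queue a ticket lands in.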