How to Integrate Splunk with PagerDuty


Splunk collects and indexes data from just about any source imaginable, such as network traffic, Web servers, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, and preexisting structured databases.

Splunk can be configured to pass all alerts to PagerDuty. Using PagerDuty, you can receive your Splunk alerts via phone call, SMS, or email; configure automatic escalation of alerts; escalate alerts right from your mobile phone; and set up on-call duty scheduling.

Note: This guide is written for Splunk 6+. If you’re using Splunk 5, you’ll want to use this guide:

What you’ll need to get started

First, set up Splunk. You’ll also need a PagerDuty account (either a paid account or a free trial account will work).

Using API integration:

Usage Overview

  1. Download & Install Splunk.
  2. Create a PagerDuty Service Integration API Key.
  3. Install this App.
  4. Set PagerDuty API Key.
  5. Enable Alert.


In PagerDuty:

  1. Create a PagerDuty service:
  2. Note the Service API Key:


In Splunk:

Phase I – Install & Configure App:

  1. Download & Install Splunk.
  2. From Splunk, select “Apps” and click “Find More Apps”:
  3. Search for “pagerduty”:
  4. Restart Splunk:
  5. After Splunk restarts, select “Apps” and click “Manage Apps”:
  6. Locate “PagerDuty Alerts” and click “Set up”:
  7. Enter your PagerDuty Service-API-Key and click “Save”:

Phase II – Enable Alert:

  1. From Splunk, search for a term and click “Save As – Alert”:
  2. Pick a name and schedule for the alert:
  3. Click “Run a Script” and enter “”, then click “Save”:
  4. Enjoy having Splunk Alerts delivered to PagerDuty!
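
What a scripted alert of the kind enabled in Phase II hands to PagerDuty, shown as an added example (this is not the PagerDuty app's own script). It assumes Python 3, Splunk's positional scripted-alert arguments, and PagerDuty's generic Events API (v1); the function names, the sample arguments and the PAGERDUTY_SERVICE_KEY environment variable are hypothetical.

```python
"""Added example: hypothetical Splunk scripted-alert handler for PagerDuty."""
import json
import os
import sys
import urllib.request

# PagerDuty generic Events API (v1) endpoint.
PD_URL = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
MAX_DESC = 1024  # v1 API limit on the description field
# Constructed sample of the arguments Splunk passes to an alert script.
SAMPLE_ARGV = ["pd_alert.py", "12", "error", "search error", "Disk Full",
               "Number of events > 10", "https://splunk.example/results",
               "", "/tmp/results.csv.gz"]


def build_event(argv, service_key):
    """Map Splunk's positional scripted-alert arguments to a trigger event."""
    if not service_key:
        raise ValueError("PagerDuty service key is not configured")
    # argv[1]=event count, [2]=search terms, [4]=saved search name,
    # [5]=trigger reason, [6]=link to results. Pad in case args are missing.
    args = list(argv) + [""] * (9 - len(argv))
    name = args[4] or "unnamed Splunk alert"
    return {
        "service_key": service_key,
        "event_type": "trigger",
        # Same saved search -> same incident_key, so repeats de-duplicate.
        "incident_key": "splunk/" + name,
        "description": ("Splunk alert: %s (%s)" % (name, args[5]))[:MAX_DESC],
        "client": "Splunk",
        "client_url": args[6],
        "details": {"event_count": args[1], "search": args[2]},
    }


def send(event, timeout=10):
    """POST the event; urlopen raises on HTTP errors, so failures surface."""
    req = urllib.request.Request(
        PD_URL, data=json.dumps(event).encode("utf-8"),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Assumption: key comes from the environment, never hard-coded or logged.
    key = os.environ.get("PAGERDUTY_SERVICE_KEY", "")
    print(send(build_event(sys.argv, key)).get("status"))
```

The Service API Key is the only credential PagerDuty needs to open an incident on that service, so keep it out of the script body, saved searches and version control, and rotate it if it is exposed.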