Splunk (Legacy) Integration Guide

Splunk collects and indexes data from just about any source imaginable, such as network traffic, web servers, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, and preexisting structured databases. Splunk can be configured to pass all alerts to PagerDuty. Using PagerDuty, you can receive your Splunk alerts via phone call, SMS, or email; configure automatic escalation of alerts; escalate alerts right from your mobile phone; and set up on-call duty scheduling.

Note: This guide is for our python-based integration, which has since been replaced by our newer integration using Splunk’s native webhooks. You can find the new guide here.

What you’ll need to get started

First set up Splunk. You’ll also need a PagerDuty account (either a paid account or a free trial account will work).

In PagerDuty

  1. From the Configuration menu, select Services.

  2. On your Services page: If you are creating a new service for your integration, click +Add New Service. If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the +New Integration button.

RS-Add-New-Service
RS-Add-Integration-Existing-Service

  3. Select your app from the Integration Type menu and enter an Integration Name. If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.

  4. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
    RS-Integration-Settings

  5. Copy the Integration Key for your new integration: RS_API_pd_3

In Splunk

Phase I – Install & Configure App:

  1. Download & Install Splunk.

  2. From Splunk, select Apps and click Find More Apps:
    find_more_apps

  3. Search for “pagerduty”:
    search_for_PD

  4. Restart Splunk:
    restart_splunk

  5. After Splunk restarts, select Apps and click Manage Apps:
    manage_apps

  6. Locate PagerDuty Alerts and click Set up:
    app_set_up

  7. Enter your PagerDuty Integration key. This is referred to as your Service-API-Key in Splunk. Click Save:
    service_api_key

Phase II – Enable Alert:

  1. From Splunk, search for a term and click Save As – Alert:
    new_search

  2. Pick a name and schedule for the alert:
    save_as_alert

  3. Click Run a Script and enter “pagerduty.py”, then click Save:
    run_a_script

  4. Enjoy having Splunk Alerts delivered to PagerDuty!
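To show what the "Run a Script" alert action in Phase II actually hands to a script, here is an added example of a minimal scripted-alert handler. It is not the pagerduty.py shipped by the app; it assumes Splunk's legacy positional-argument convention for scripted alerts and PagerDuty's legacy Events API (v1) endpoint, reads the integration key from an environment variable named PAGERDUTY_SERVICE_KEY (an assumption) rather than hard-coding it, and uses the saved search name as the incident_key so repeated firings of one alert de-duplicate into a single incident.

```python
import json
import os
import sys
import urllib.request

# PagerDuty legacy Events API (v1), the endpoint that accepts a service/integration key.
EVENTS_API_URL = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"


def parse_splunk_args(argv):
    """Map the positional arguments Splunk passes to a scripted alert.

    Legacy convention: argv[1] event count, argv[2] search terms, argv[3] full
    query, argv[4] saved search name, argv[5] trigger reason, argv[6] link back
    to the search in Splunk, argv[7] unused, argv[8] path to the results file.
    """
    keys = ["count", "terms", "query", "name", "reason", "url", "_unused", "results_file"]
    given = list(argv[1:9])
    fields = dict(zip(keys, given + [""] * (len(keys) - len(given))))
    fields["count"] = int(fields["count"] or 0)
    return fields


def build_event(fields, service_key):
    """Build a 'trigger' event; incident_key ties repeat alerts to one incident."""
    return {
        "service_key": service_key,
        "event_type": "trigger",
        "incident_key": "splunk:" + fields["name"],
        "description": "Splunk alert '%s': %s (%d events)"
        % (fields["name"], fields["reason"], fields["count"]),
        "client": "Splunk",
        "client_url": fields["url"],
        "details": {"search": fields["query"], "terms": fields["terms"]},
    }


def send_event(event):
    """POST the event to PagerDuty and return the decoded JSON response."""
    req = urllib.request.Request(
        EVENTS_API_URL,
        data=json.dumps(event).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # The integration key is a credential: keep it out of the script and out of search logs.
    key = os.environ.get("PAGERDUTY_SERVICE_KEY")
    if not key:
        sys.exit("PAGERDUTY_SERVICE_KEY is not set")
    print(send_event(build_event(parse_splunk_args(sys.argv), key)))
```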