Articles in this section

Self help
FAQ
["FAQ"]

Opsview - Set up Splunk notifications

Avatar
ITRS Support
  • Updated
Follow

Prerequisites

  • None

Process

  1. Log in to the orchestrator as root.
  2. Download the notify_by_splunk script using curl:
curl -sLo /tmp/notify_by_splunk.tar.gz https://downloads.opsview.com/opsview-support/notify_by_splunk.tar.gz
3. Install the notify_by_splunk script. 
tar -C /opt/opsview/monitoringscripts -x -f /tmp/notify_by_splunk.tar.gz --overwrite
4. Log in to the UI and navigate to Configuration > Advanced > Variables.

5. Click Add New in the top left of the page and input the following settings:

Field Value
Name SPLUNK
Label Arg1 Host
Default Arg1 <insert the FQDN of your Splunk server>
Label Arg2 Port
Default Arg2 8088
Label Arg3 Token
Default Arg3 <insert your Splunk token>

Tick the Encrypt box for Default Arg3 and leave all non-specified fields empty.

  1. Click Submit Changes.

  2. Navigate to Configuration > Users and Notifications > Notification Methods.

  3. Click Add New in the top left of the page and input the following settings:

Field Value
Name Splunk
Enable ✔️
Run on Orchestrator
Command notify_by_splunk -H '%SPLUNK:1%' -p '%SPLUNK:2%' -t '%SPLUNK:3%'

Additional command options

Additional options for the command field are available, including: 
-I : to not verify SSL certs (for use with self-signed certs)
-N : use HTTP not HTTPS
-v : additional information in the log file (will get noisey on a busy system)

Logging information is saved to /var/log/opsview/opsview.log.

  1. Click on the Test tab and click Send.

  2. Click Submit Changes.

  3. Navigate to Configuration > Users and Notifications > Users and Roles.

  4. Click Add New in the top left of the page an input the following settings in the User tab:

Field Value
Name Splunk
Username splunk
Comment Notifications into Splunk
Role Administrator
Set password <set a secure password>
  1. Switch to the Notification Profiles tab.
  2. Click Add New and set the following settings:
Field Value
Profile Name Splunk
Alert me by Splunk

  1. Configure the notification profile to alert on hosts and service checks as desired then click Update.

  2. Click Submit Changes.

  3. Apply Changes.

 

For version 6.8.7 and previous, follow the below:

You can add supplemental text for specific checks by editing the file  /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg. If this file does not exist, create it using this command:

cp /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg.in /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfg

 

For version 6.8.8 and after, follow the below:

You can add supplemental text for specific checks by adding/updating the notify_by_splunk.cfg file. Create this file (either new, or copy the content already at /opt/opsview/monitoringscripts/etc/notifications/notify_by_splunk.cfgif it exists), then set it up on your system by running the following command as the opsview user:

/opt/opsview/orchestrator/bin/orchestratorimportscripts etc-notifications /path/to/notify_by_splunk.cfg

Related articles

Comments

0 comments

Please sign in to leave a comment.