About the integration:

Detect alerts and monitor your IT and application ecosystem by feeding Splunk alerts into Freshservice. Reduce alert noise by using the native aggregation capability of the Alert Management System and escalate alerts into incidents based on customizable alert rules. 

Configuration in Freshservice:

Step 1:

Head to the Admin panel, scroll to IT Operations Management, and select Monitoring Tools.

Step 2:

You are now on the Monitoring Tools list page. Select Add monitoring tool to add a new integration.

Step 3:

You will see a list of pre-configured integrations, the gateway to custom integration using webhooks, and the option to use email as a channel for alerts. Select Splunk.

Step 4:

A URL and auth-Key will be generated. You will require this to set up the integration in Splunk.

Configuration in Splunk:

  1. Log into your Splunk account.
  2. Go to the search bar on top and search for Webhook.
  3. Click on the Webhook integration option. On the webhook page, click on New Integration.
  4. Configure the following details:
    1. Provide a name to the integration
    2. Paste the URL generated in Step 4 of Freshservice configuration in the URL field
    3. In headers, set Key as 'content-type' and Value as 'application/json'
  5. Click on Save.
  6. Go to Alerts & Detectors using the navigation bar on the left
  7. Click on New Detector.
  8. Provide a name to the detector and click on 'Create Alert Rule'.
  9. Select the alert type and click on 'Proceed to Alert Signal'.
  10. Add a metric or an event here that you want to monitor.
  11. Select a condition for the alert.
  12. Then proceed to alert setting to define the trigger for the alert.
  13. Now move to alert message to customize the message you like to send for the alert along with the alert severity. Click on 'Proceed To Alert Recipients'.
  14. Click on 'Add Recipient' and select Webhook.
  15. Choose the webhook integration that you created in Step 4 of Splunk configuration
  16. Provide your alert rule an appropriate name and click on 'Activate Alert Rule'.

Now you should be able to receive an alert in Freshservice every time the alert condition is satisfied in Splunk.