Splunk (Legacy) Integration Guide

Splunk collects and indexes data from just about any source imaginable, such as network traffic, web servers, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, and preexisting structured databases. Splunk can be configured to pass all alerts to PagerDuty. Using PagerDuty, you can receive your Splunk alerts via phone call, SMS, or email; configure automatic escalation of alerts; escalate alerts right from your mobile phone; and set up on-call duty scheduling.

Note: This guide is for our Python-based integration, which has since been replaced by our newer integration using Splunk's native webhooks. You can find the new guide here.

What you’ll need to get started

First set up Splunk. You’ll also need a PagerDuty account (either a paid account or a free trial account will work).

In PagerDuty

  1. Go to the Services menu and select Service Directory.
  2. On the Service Directory page:
    • If you are creating a new service for your integration, click +New Service and follow the steps outlined, selecting this integration in step 4.
    • If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click Add a new integration.
  3. Under "Select the integration(s) you use to send alerts to this service", search for and select this integration.
  4. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
  5. Find the integration in the list, click the v dropdown on the right and copy the Integration Key. Keep this key in a safe place for later use.

In Splunk:

Phase I - Install & Configure App:

  1. Download & Install Splunk.
  2. From Splunk, select Apps and click Find More Apps:
  3. Search for "pagerduty":
  4. Restart Splunk:
  5. After Splunk restarts, select Apps and click Manage Apps:
  6. Locate PagerDuty Alerts and click Set up:
  7. Enter your PagerDuty Integration key. This is referred to as your Service-API-Key in Splunk. Click Save:

Phase II - Enable Alert:

  1. From Splunk, search for a term and click Save As - Alert:
  2. Pick a name and schedule for the alert:
  3. Click Run a Script and enter "pagerduty.py", then click Save:
  4. Enjoy having Splunk Alerts delivered to PagerDuty!
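The Run a Script step above hands Splunk's alert context to pagerduty.py as positional arguments. As an added illustration, not the PagerDuty app's own script, here is a minimal version of what such a script has to do: map those arguments onto a PagerDuty trigger event keyed on the saved search (so repeat firings update one incident instead of paging again) and POST it. The Events API v1 URL, the argument layout of Splunk's legacy scripted alerts, and the PAGERDUTY_SERVICE_KEY environment variable are assumptions, not taken from this page.

```python
import csv
import gzip
import json
import os
import sys
from urllib import request

# Assumed PagerDuty Events API v1 endpoint (the API the app's Service-API-Key belongs to).
EVENTS_API_URL = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"


def read_results(path, max_rows=5):
    """Return up to max_rows rows from Splunk's gzipped results CSV, or [] if absent."""
    if not path or not os.path.exists(path):
        return []
    with gzip.open(path, "rt", newline="") as fh:
        return [row for _, row in zip(range(max_rows), csv.DictReader(fh))]


def build_trigger_event(service_key, argv):
    """Map the positional args Splunk passes to a legacy alert script onto a
    PagerDuty 'trigger' event. Assumed Splunk convention: argv[1]=result count,
    [2]=search terms, [3]=full query, [4]=saved search name, [5]=trigger reason,
    [6]=saved search URL, [7]=unused, [8]=path to gzipped CSV of results."""
    name = argv[4]
    return {
        "service_key": service_key,
        "event_type": "trigger",
        # One open incident per saved search: repeat firings update it rather than re-page.
        "incident_key": "splunk:" + name,
        "description": "Splunk alert: %s (%s results)" % (name, argv[1]),
        "client": "Splunk",
        "client_url": argv[6],
        "details": {
            "search_terms": argv[2],
            "query": argv[3],
            "trigger_reason": argv[5],
            "sample_results": read_results(argv[8] if len(argv) > 8 else ""),
        },
    }


def send_event(event, url=EVENTS_API_URL):
    """POST the event as JSON; the key travels in the body, so never log the payload."""
    req = request.Request(url, data=json.dumps(event).encode("utf-8"),
                          headers={"Content-Type": "application/json"})
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Assumption: the Service-API-Key is supplied via the environment, not hard-coded.
    send_event(build_trigger_event(os.environ["PAGERDUTY_SERVICE_KEY"], sys.argv))
```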
