Splunk connector powered by Jitterbit - Documentation for BMC Helix iPaaS

To configure a Splunk Create Alert activity 

A Splunk Create Alert activity places alert data into a Splunk endpoint and is intended to be used as a target to consume data in an operation. After configuring a Splunk connection, you can configure as many Splunk activities as you like for each Splunk connection.

To configure a Splunk Create Alert activity, complete the following steps:

  1. After you add the activity to an operation, double-click the activity block.
  2. On the configuration screen, enter a name and specify the following activity settings:

    Name

    Enter a name to identify the Splunk Create Alert activity.

    The name must be unique for each Splunk Create Alert activity and must not contain forward slashes (/) or colons (:).

    Alert Name

    Enter a name for the alert to be created.

    Search Criteria

    Enter the search criteria (the Splunk search string) for the alert to be created.

    Alert Dispatch Earliest Time

    Enter the earliest value for the search time range.

    Alert Dispatch Latest Time

    Enter the latest value for the search time range.

    CRON Schedule

    Enter a cron expression to schedule the alert search. The cron expression is a string of the following five fields from left to right, separated by spaces:

    • Minute: 0-59
    • Hour: 0-23
    • Day of the month: 1-31
    • Month: 1-12
    • Day of the week: 0-6 (where 0 = Sunday)

    For details of defining a cron expression, see the Use cron expressions for alert scheduling topic in the Splunk documentation.

    Additional field for alert creation

    To add further Splunk fields to the alert definition, click Add and then specify the following:

    • Name: Select a field from the list.
    • Value: Enter a value for the selected field.

    Optional Settings

    Click to view the following additional optional setting:

    • JSON input (This event definition overrides the prior selections): Enter the key-value pairs for the alert fields in the {"Key": "Value"} or [{"Key": "Value"}] format. Anything entered here overrides the values selected in the fields above, so review it before deploying.

  3. Click Next.

  4. Review the request and response data schemas displayed for your Splunk instance. 
    The data schemas list the fields available for the Splunk Create Alert activity. If the operation uses a transformation, the data schemas are displayed again later during the transformation mapping process. In the transformation mapping process, map target fields by using source objects, scripts, variables, custom values, and more. 

    The Splunk connector uses the Splunk REST API v8.1.0. For more information about the schema fields, see the API documentation.

  5. Click Finished.
    After the activity is created, menu actions for that activity are accessible from the project pane in either the Workflows or the Components tab, and from the design canvas. For more information, see Activity Actions Menu.

To complete the configuration of the operation, add and configure other activities, transformations, or scripts as steps in an operation. You can also configure an operation's settings, which include the ability to chain operations together that are in the same or different workflows.
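As an added illustration (not code from the connector, from Jitterbit, or from BMC), the Python below checks a CRON Schedule value against the five fields and ranges listed above and assembles the alert fields in the {"Key": "Value"} or [{"Key": "Value"}] form that the JSON input setting accepts. The key names name, search, cron_schedule, dispatch.earliest_time and dispatch.latest_time are taken from Splunk's saved/searches REST parameters and are an assumption here; confirm them against the request schema shown in step 4. The sample search string and time values are constructed.

```python
"""Check Create Alert settings and build the JSON input value.
Added example code; not part of the BMC Helix iPaaS / Jitterbit connector."""
import json
import re

# The five cron fields, in order, with the ranges listed on this page.
CRON_FIELDS = (("minute", 0, 59), ("hour", 0, 23), ("day of month", 1, 31),
               ("month", 1, 12), ("day of week", 0, 6))

# One cron term: "*", N, or N-M, optionally followed by /STEP.
TERM_RE = re.compile(r"(\*|(\d+)(?:-(\d+))?)(?:/(\d+))?")


def cron_error(expr):
    """Return None if expr is a well-formed 5-field cron expression, else a message."""
    parts = expr.split()
    if len(parts) != 5:
        return f"expected 5 fields, got {len(parts)}: {expr!r}"
    for part, (name, low, high) in zip(parts, CRON_FIELDS):
        for term in part.split(","):
            m = TERM_RE.fullmatch(term)
            if not m:
                return f"{name}: malformed term {term!r}"
            base, start, end, step = m.groups()
            if base != "*":
                lo = int(start)
                hi = int(end) if end is not None else lo
                if not (low <= lo <= hi <= high):
                    return f"{name}: {term!r} is outside {low}-{high}"
            if step is not None and int(step) < 1:
                return f"{name}: step in {term!r} must be at least 1"
    return None


def build_alert_fields(alert_name, search, earliest, latest, cron, extra=None):
    """Assemble the field map for one alert; raises ValueError on bad input.

    Key names follow Splunk's saved/searches REST parameters (an assumption;
    check them against the request schema the activity displays)."""
    if not alert_name or not search:
        raise ValueError("alert name and search criteria are required")
    err = cron_error(cron)
    if err:
        raise ValueError(f"CRON Schedule: {err}")
    fields = {
        "name": alert_name,
        "search": search,
        "dispatch.earliest_time": earliest,
        "dispatch.latest_time": latest,
        "cron_schedule": cron,
    }
    # "Additional field for alert creation": arbitrary Name/Value pairs.
    for key, value in (extra or {}).items():
        fields[key] = value
    return fields


def json_input(fields, as_list=False):
    """Serialize to the {"Key": "Value"} or [{"Key": "Value"}] form the JSON input field accepts."""
    payload = [fields] if as_list else fields
    return json.dumps(payload, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample: failed logins every 15 minutes over the last 15 minutes.
    alert = build_alert_fields(
        "Failed logins", "index=auth action=failure | stats count by user",
        "-15m", "now", "*/15 * * * *", {"alert.severity": "4"})
    print(json_input(alert, as_list=True))
```

cron_error returns a message rather than raising so that the same check can be wired into a script that logs and skips a bad record instead of failing the operation.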

To configure actions for the Create Alert activity

The Splunk connector lets you configure alert actions when you create an operation that uses the Create Alert activity. To add an action when configuring the Create Alert operation:

  1. Open the request transformation element of the operation you created.
  2. In the Target schema, double-click the actions (string) field and enter the actions to configure as a comma-separated string.

    For example, to configure all available actions, enter:

    <trans>
    'webhook,email,script,logevent,outputtelemetry,lookup'
    </trans>

    To configure only webhook, enter:

    <trans>
    'webhook'
    </trans>

  3. Double-click the configuration fields related to the actions you added and add the required values.
    For example, if you selected webhook, enter the webhook URL in the action.webhook.param.url field of the target request schema. Use an HTTPS endpoint you control: Splunk posts the alert details, including result fields from the search, to this URL.

  4. Click Return to Workflow.
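As an added example (not the connector's own code), the Python below builds the actions string and the per-action parameters described in the steps above and rejects combinations a practitioner would not want to ship unchecked: action names outside the six listed on this page, a webhook without action.webhook.param.url or with a non-HTTPS URL, and the script action unless it is explicitly allowed. Only the webhook parameter name comes from this page; action.email.to and action.script.filename are assumed from Splunk's saved/searches REST parameters and should be verified against the target schema, and the sample URL and address are constructed.

```python
"""Build and check the 'actions' value and per-action parameters for a Splunk
Create Alert request.  Added example code; not part of the BMC Helix iPaaS /
Jitterbit connector."""
from urllib.parse import urlparse

# The six action names this page lists for the actions field.
KNOWN_ACTIONS = ("webhook", "email", "script", "logevent", "outputtelemetry", "lookup")

# Parameter each action needs in the target request schema.  Only the webhook
# entry comes from this page; the others are assumptions based on Splunk's
# saved/searches REST parameters and should be checked against the schema.
REQUIRED_PARAMS = {
    "webhook": "action.webhook.param.url",
    "email": "action.email.to",
    "script": "action.script.filename",
}


def check_webhook_url(url):
    """Accept only https URLs with a host: Splunk posts alert data to this address."""
    u = urlparse(url)
    if u.scheme != "https" or not u.netloc:
        raise ValueError(f"webhook URL must be https with a host: {url!r}")
    return url


def build_actions(selected, params, allow_script=False):
    """Return the fields to map in the target schema for the selected actions."""
    bad = [a for a in selected if a not in KNOWN_ACTIONS]
    if bad:
        raise ValueError(f"unknown action(s): {bad}")
    if "script" in selected and not allow_script:
        # The script action runs a file on the Splunk server; require an explicit opt-in.
        raise ValueError("script action requires allow_script=True")
    # Comma-separated, as in 'webhook,email,script,...' above; deduplicated, order kept.
    fields = {"actions": ",".join(dict.fromkeys(selected))}
    for action in selected:
        key = REQUIRED_PARAMS.get(action)
        if key is None:
            continue
        if key not in params:
            raise ValueError(f"{action} selected but {key} not provided")
        fields[key] = params[key]
    if "webhook" in selected:
        fields["action.webhook.param.url"] = check_webhook_url(fields["action.webhook.param.url"])
    return fields


def actions_error(selected, params, allow_script=False):
    """The error message build_actions would raise, or None if the input is accepted."""
    try:
        build_actions(selected, params, allow_script)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: webhook plus email, with the values a transformation would map.
    print(build_actions(["webhook", "email"], {
        "action.webhook.param.url": "https://hooks.example.test/splunk",
        "action.email.to": "soc@example.test",
    }))
```

The returned dictionary keys are the same names as the target schema fields in step 3, so the check can run in a script step before the transformation maps them.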

Splunk Create Alert operation patterns

Splunk Create Alert activities can be used as a target with these operation patterns:

You cannot use other patterns for the Splunk Create Alert activities. For more information about valid operation patterns, see the Operation Validity page.

A typical use case is to use a Splunk Create Alert activity in the Two-Transformation Pattern. In this example, the first transformation (Splunk Create Alert Request) creates a request structure that is passed to the Splunk Create Alert activity. The second transformation (Splunk Create Alert Response) receives the response structure, which a Variable Write activity (Write Splunk Create Alert Response) writes to a variable; the Write to Operation Log script then logs a message, as shown in the following image:

Tip

To use the activity with scripting functions, write the data to a temporary location and then use that temporary location in the scripting function. 

When ready, deploy and run the operation and validate behavior by checking the operation logs.
