Splunk On-Call Webhook Integration

We use this to get the alerts into Splunk first. SolarWinds Add-on for Splunk | Splunkbase . We log the alerts using this alert action   so that we can use the variables within SolarWinds to craft the message to look exactly what we want it to look like then Splunk grabs the alerts out of the above log. Once the data is in Splunk you can do anything you want with it.

Thanks but that appears to require Splunk Enterprise unless I'm missing something?  We only have access to Splunk On-Call (VictorOps).

If you search 'how to get messages from solarwinds to victorops stand alone' in CoPilot it looks like you just need to add an API endpoint and then use the HTTP  Post alert action. There is more information here from SolarWinds AppOptics | VictorOps

AppOptics is not part of the Solarwinds Observability SaaS platform but we've been trying to accomplish the same thing with Webhook Notifications and HTTP POST calls for the last 4 weeks.  We can get the two to talk to each other using the application/x-www-form-urlencoded format but I can't seem to get any variables passed (i.e. Node Name, Node Status, Event Type, etc.).

and the documentation doesn't have any examples for passing variables/parameters in that format.

sdaniels1 would you be open to discussing this more in a call with the PM team ? thanks

Honestly, I only know how to do the post to Splunk Enterprise. I am positive it can be done with your tool as well. Below is a possible example. Possibly look to one of the Solarwinds Value Add Vendors and they can get the exact setup you need working. 

Tried that, still no joy -

Sure

SolarWinds Orion NPM Integration Guide - VictorOps | Splunk On-Call Software

Orion works fine, we are migrating to SWO which doesn't use the same variable parameters.

Try co-pilot, it's a good start. I wish I had VIctorOps to help out but don't have an instance to try for you.

To send alerts from SolarWinds Orion (SWO) to VictorOps (now known as Splunk On-Call), you can follow these general steps:

1. Set Up an Alert in SolarWinds Orion:

   • Go to the Alerts & Activity tab in SolarWinds Orion.
   • Create a new alert or modify an existing one to include the conditions that will trigger the alert.

2. Configure the Alert Action:

   • In the alert configuration, add an action to send an HTTP POST request.
   • Use the VictorOps REST endpoint URL for the HTTP POST action. You can find this URL in your VictorOps account under Integrations.

3. Format the Payload:

   • Customize the payload to include the necessary information such as alert name, description, and severity. Ensure it matches the format expected by VictorOps.

4. Test the Integration:

   • Trigger a test alert in SolarWinds Orion to ensure it is correctly sent to VictorOps and appears in the incident timeline.

For detailed instructions and examples, you can refer to the VictorOps Knowledge Base¹.

Try co-pilot, it's a good start. I wish I had VIctorOps to help out but don't have an instance to try for you.

To send alerts from SolarWinds Orion (SWO) to VictorOps (now known as Splunk On-Call), you can follow these general steps:

1. Set Up an Alert in SolarWinds Orion:

   • Go to the Alerts & Activity tab in SolarWinds Orion.
   • Create a new alert or modify an existing one to include the conditions that will trigger the alert.

2. Configure the Alert Action:

   • In the alert configuration, add an action to send an HTTP POST request.
   • Use the VictorOps REST endpoint URL for the HTTP POST action. You can find this URL in your VictorOps account under Integrations.

3. Format the Payload:

   • Customize the payload to include the necessary information such as alert name, description, and severity. Ensure it matches the format expected by VictorOps.

4. Test the Integration:

   • Trigger a test alert in SolarWinds Orion to ensure it is correctly sent to VictorOps and appears in the incident timeline.

For detailed instructions and examples, you can refer to the VictorOps Knowledge Base¹.

Like I said, I can get the two talking - it's Step 3 that nobody can seem to answer.  How does one pass params since they aren't even remotely similar to what they are in Orion.  The documentation does not include any examples of how to do so via the application/x-www-form-urlencoded format.

These will work but that's all that I can get through on a test -

"message_type":"CRITICAL",
"monitor_name":"SolarWinds",
"monitoring_tool":"SolarWinds",

I think I'm just gonna try my luck with some other tools and see if they work any better.