splunk / terraform-provider-splunk

Terraform Provider for Splunk
Mozilla Public License 2.0

Adding Action of Pagerduty to saved searches #144

Open tameraz-tr opened 1 year ago

tameraz-tr commented 1 year ago

Hi,

Is there any way to use an action of PagerDuty using the model, the same as sending to email?

Koleon commented 1 year ago

What about the latest update v1.4.19, does it solve your request?

tameraz-tr commented 1 year ago

We need to add the custom details section inside the configuration; that's missing.

Thanks

On Thu, 25 May 2023 at 13:13, Koleon @.***> wrote:

What about the latest update v1.4.19 https://github.com/splunk/terraform-provider-splunk/blob/master/CHANGELOG.md#1419, does it solve your request?


araddas commented 1 year ago

I also heavily rely on the custom_details section for PagerDuty Alerting for Event Orchestration Routing. Can something like this be added to the provider so that custom details can be sent in the PagerDuty Payload:

Example

```hcl
action_pagerduty_integration_custom_details = { "somekey": "somevalue"}
```

Usage

```hcl
resource "splunk_saved_searches" "test" {
    name = "Test Pagerduty Alert"
    actions = "pagerduty"
    action_pagerduty_integration_url = "abcd"
    action_pagerduty_integration_url_override = "efgh"
    action_pagerduty_integration_custom_details = { "somekey": "somevalue"}
    alert_comparator    = "greater than"
    alert_digest_mode   = true
    alert_expires       = "30d"
    alert_threshold     = "0"
    alert_type          = "number of events"
    cron_schedule       = "*/1 * * * *"
    disabled            = false
    is_scheduled        = true
    is_visible          = true
    realtime_schedule   = true
    search              = "index=main level=error"
}
```

elhoyleo commented 1 year ago

I'm the same; the custom details are essential for my Splunk -> PagerDuty workflow.

pratiman commented 1 year ago

I'm also facing the same issue. Custom details are very critical for us, as they help in routing alerts to the correct team in PagerDuty using Event Orchestration.