diff --git a/alerts-detectors-notifications/alerts-and-detectors/alerts-detectors-notifications.rst b/alerts-detectors-notifications/alerts-and-detectors/alerts-detectors-notifications.rst index 13de73aa9..b77a94681 100644 --- a/alerts-detectors-notifications/alerts-and-detectors/alerts-detectors-notifications.rst +++ b/alerts-detectors-notifications/alerts-and-detectors/alerts-detectors-notifications.rst @@ -85,7 +85,7 @@ To learn more, see :ref:`condition-reference`.

Alerts

-When data in an input MTS matches a condition, the detector generates a trigger event and an alert that has a specific severity level. You can configure an alert to send a notification using Splunk On-Call. For more information, see the :new-page:`Splunk On-Call ` documentation. +When data in an input MTS matches a condition, the detector generates a trigger event and an alert that has a specific severity level. You can configure an alert to send a notification using Splunk On-Call. For more information, see the :ref:`about-spoc` documentation. Alert rules use settings you specify for built-in alert conditions to define thresholds that trigger alerts. When a detector determines that the conditions for a rule are met, it triggers an alert, creates an event, and sends notifications (if specified). Detectors can send notifications via email, as well as via other systems, such as Slack, or via a webhook. diff --git a/gdi/opentelemetry/components/receiver-creator-receiver.rst b/gdi/opentelemetry/components/receiver-creator-receiver.rst index 91bd08894..777ed64ed 100644 --- a/gdi/opentelemetry/components/receiver-creator-receiver.rst +++ b/gdi/opentelemetry/components/receiver-creator-receiver.rst 
@@ -7,9 +7,9 @@ Receiver creator receiver .. meta:: :description: Use the receiver creator to create receivers at runtime in the OpenTelemetry Collector based on rules. Read on to learn how to configure the component. -The receiver creator receiver allows the Splunk Distribution of the OpenTelemetry Collector to create new receivers at runtime based on configured rules and observer extensions. The supported pipeline types are ``metrics``, ``traces``, and ``logs``. See :ref:`otel-data-processing` for more information. +Use the Receiver creator receiver with the Splunk Distribution of the OpenTelemetry Collector to create new receivers at runtime based on configured rules and observer extensions. The supported pipeline types are ``metrics``, ``traces``, and ``logs``. See :ref:`otel-data-processing` for more information. -You can use any of the following observer extensions as listeners for the receiver creator: +You can use any of the following observer extensions as listeners for the Receiver creator: - ``docker_observer``: Detects and reports running container endpoints through the Docker API. - ``ecs_task_observer``: Detects and reports container endpoints for running ECS tasks. 
@@ -29,17 +29,16 @@ Follow these steps to configure and activate the component: - :ref:`otel-install-windows` - :ref:`otel-install-k8s` -2. Configure the receiver creator receiver as described in the next section. +2. Configure the Receiver creator receiver as described in the next section. 3. Restart the Collector. -Sample configurations +Sample configuration ---------------------- -To activate the receiver creator receiver, add the desired extensions to the ``extensions`` section of your configuration file, followed by ``receiver_creator`` instances in the ``receivers`` section. For example: +To activate the Receiver creator receiver add the desired extensions to the ``extensions`` section of your configuration file, followed by ``receiver_creator`` instances in the ``receivers`` section. For example: .. code-block:: yaml - extensions: # Configures the Kubernetes observer to watch for pod start and stop events. k8s_observer: @@ -76,16 +75,10 @@ To activate the receiver creator receiver, add the desired extensions to the ``e You can nest and configure any supported receiver inside the ``receivers`` section of a ``receiver_creator`` configuration. Which receiver you can nest depends on the type of infrastructure the receiver creator is watching through the extensions defined in ``watch_observers``. -Rules expressions ------------------------------------- - -New receivers are created dynamically based on rules. Each rule must start with ``type == ("pod"|"port"|"hostport"|"container"|"k8s.node") &&`` such that the rule matches only one endpoint type. For a list of variable available to each endpoint type, see :new-page:`Rules expressions ` on GitHub. - - -Docker observer example +Example: Docker observer ------------------------------------ -The following example shows how to configure the receiver creator using the Docker observer: +The following example shows how to configure the Receiver creator receiver using the Docker observer: .. code-block:: yaml 
@@ -113,10 +106,10 @@ The following example shows how to configure the receiver creator using the Dock .. note:: See :new-page:`https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/extension/observer/dockerobserver/README.md` for a complete list of settings. -Kubernetes observer example +Example: Kubernetes observer ------------------------------------ -The following example shows how to configure the receiver creator using the Kubernetes observer: +The following example shows how to configure the receiver creator receiver using the Kubernetes observer: .. code-block:: yaml @@ -149,10 +142,18 @@ The following example shows how to configure the receiver creator using the Kube .. note:: See :new-page:`https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/extension/observer/k8sobserver/README.md` for a complete list of settings. +Rules to create new receivers +============================================ + +You can use this receiver to dynamically create new receivers based on rules. Each rule must start with ``type == ("pod"|"port"|"hostport"|"container"|"k8s.node") &&`` such that the rule matches only one endpoint type. + +For a list of variables available to each endpoint type, see :new-page:`Rules expressions ` on GitHub. + + Settings ====================== -The following table shows the configuration options for the receiver creator receiver: +The following table shows the configuration options for the Receiver creator receiver: .. raw:: html @@ -161,8 +162,6 @@ The following table shows the configuration options for the receiver creator rec Troubleshooting ====================== - - .. raw:: html
diff --git a/get-started/overview.rst b/get-started/overview.rst index 25d41208f..8b9396704 100644 --- a/get-started/overview.rst +++ b/get-started/overview.rst @@ -105,7 +105,7 @@ For more information, see :ref:`logs-intro-logconnect`. Splunk On-Call incident response software aligns log management, monitoring, chat tools, and more, for a single-pane of glass into system health. Splunk On-Call automates delivery of alerts to get the right alert, to the right person, at the right time. -For more information, see the :new-page:`Splunk On-Call documentation `. +For more information, see the :ref:`about-spoc`. .. raw:: html diff --git a/sp-oncall/admin/get-started/admin-getting-started.rst b/sp-oncall/admin/get-started/admin-getting-started.rst index 0e1d97051..5a0290fff 100644 --- a/sp-oncall/admin/get-started/admin-getting-started.rst +++ b/sp-oncall/admin/get-started/admin-getting-started.rst 
@@ -57,7 +57,7 @@ The Team page is your central location for configuring teams, schedules, rotatio :ref:`Create Escalation Policies ` - Escalation policies determine which incidents are routed, to whom they are routed, and how they are escalated. Essentially, an escalation policy is how Splunk On-Call escalates a triggered event. - Best practice for setting up your escalation policy is to establish a minimum of three escalation paths: on-duty user, previous or next user in a rotation, and manager or team lead. -- :ref:`Read this post ` for more tips and tricks on how to manage multiple alert behaviors within a single team. +- :ref:`Read this post ` for more tips and tricks on how to manage multiple alert behaviors within a single team. - :ref:`Configure Routing Keys ` - Routing keys tie the alerts from your monitoring tools to the specific team (or escalation policy) in Splunk On-Call. This helps get the right person on the problem and reduce alert noise for those unrelated to a specific incident. These can be found by navigating to :menuselection:`Settings` then :menuselection:`Routing Keys`. diff --git a/sp-oncall/admin/get-started/api.rst b/sp-oncall/admin/get-started/api.rst index f236daf94..3a62d0cb6 100644 --- a/sp-oncall/admin/get-started/api.rst +++ b/sp-oncall/admin/get-started/api.rst @@ -1,5 +1,3 @@ - - .. _spoc-api: ************************************************************************ diff --git a/sp-oncall/admin/get-started/onboarding-milestones.rst b/sp-oncall/admin/get-started/onboarding-milestones.rst index fd9d34fab..068e69057 100644 --- a/sp-oncall/admin/get-started/onboarding-milestones.rst +++ b/sp-oncall/admin/get-started/onboarding-milestones.rst 
@@ -49,7 +49,7 @@ Team milestones include the following: - :ref:`schedule-examples` #. Implementation of Team Workflows, including: - :ref:`Create escalation policies `. - - :ref:`Tips and tricks for multiple escalation policies `. + - :ref:`Tips and tricks for multiple escalation policies `. Integration milestones diff --git a/sp-oncall/admin/get-started/team-dashboard.rst b/sp-oncall/admin/get-started/team-dashboard.rst index 7372408a7..2252475cf 100644 --- a/sp-oncall/admin/get-started/team-dashboard.rst +++ b/sp-oncall/admin/get-started/team-dashboard.rst @@ -1,7 +1,7 @@ .. _team-dashboard: ************************************************************************ -Splunk On-Call Team dashboard +Splunk On-Call ************************************************************************ .. meta:: @@ -9,7 +9,7 @@ Splunk On-Call Team dashboard -The Splunk On-Call Team Dashboard provides a comprehensive overview of incidents. This view automatically defaults to the teams that you are a member of and allows teams to dive into the details and understand the status of alerts or incidents. +The Splunk On-Call provides a comprehensive overview of incidents. This view automatically defaults to the teams that you are a member of and allows teams to dive into the details and understand the status of alerts or incidents. All incidents derived from integrated monitoring tools in the incident table include their respective logos to help you rapidly identify the source of an alert. Manually created incidents, along with incidents originating from the Email Endpoint or the REST API integrations, will remain logo free. 
@@ -17,7 +17,7 @@ Information Alerts can still be found on the Timeline Page. .. image:: /_images/spoc/team-dashboard.png :width: 100% - :alt: An image of the team dashboard. On-Call individuals listed on the left; Team incidents are shown in the main pane. + :alt: An image of the . On-Call individuals listed on the left; Team incidents are shown in the main pane. Filters @@ -44,12 +44,12 @@ Quickly identify responsible parties during a firefight by easily seeing which p Manual Incident Creation ---------------------------- -You can create a manual incident from the team dashboard by selecting :guilabel:`Create Incident` in the top right corner. For instructions, see :ref:`manual-incident`. +You can create a manual incident from the by selecting :guilabel:`Create Incident` in the top right corner. For instructions, see :ref:`manual-incident`. Incident War Rooms ---------------------------- -Access Incident Details directly from the Team Dashboard by selecting the incident number link. This will expand the incident and its event history in the :ref:`Incident War Room `. +Access Incident Details directly from the by selecting the incident number link. This will expand the incident and its event history in the :ref:`Incident War Room `. People Table ================== diff --git a/sp-oncall/admin/sso/single-sign-sso.rst b/sp-oncall/admin/sso/single-sign-sso.rst index 053caabf8..98502e39c 100644 --- a/sp-oncall/admin/sso/single-sign-sso.rst +++ b/sp-oncall/admin/sso/single-sign-sso.rst @@ -10,13 +10,17 @@ Configure Single Sign-On for Splunk On-Call .. toctree:: :hidden: - sp-sso-okta - sp-sso-google - sp-sso-adfs + Configure SSO for Okta + Configure SSO for Google + Configure SSO for ADFS + Configure SSO for other IDPs sp-sso-users -Requirements -================== +.. raw:: html + + +

Requirements

+ This integration is compatible with the following versions of Splunk On-Call: @@ -25,18 +29,16 @@ This integration is compatible with the following versions of Splunk On-Call: To enable single sign-on (SSO) for your organization, you will need to provide an updated metadata file and your IDP. If you are interested in setting up SSO, please contact :ref:`Splunk On-Call Support `. - - Configure Single Sign On (SSO) between your Identity Provider (IDP) and Splunk On-Call. Our standard SSO setup uses SAML 2.0 protocol. As long as your IDP can use SAML 2.0 protocol, it can integrate with Splunk On-Call. The exact steps differ depending on which IDP you use, but the process typically involves exporting a .XML metadata file and sending it to our Support team. Once you have sent the .xml file, a Splunk On-Call support specialist will complete the setup on the back-end and respond with confirmation. If your IDP does not have SAML capability, please contact Splunk On-Call Support to explore what alternative options may be available. For details on how to contact Splunk On-Call Support, see :ref:`spoc-support`. - - - -Administrator Setup -========================== +.. raw:: html + + +

Configure SSO: Admin guides

+ Instructions to complete the SSO configuration with Splunk On-Call and your IDP are provided for: @@ -46,51 +48,10 @@ Instructions to complete the SSO configuration with Splunk On-Call and your IDP - :ref:`sso-azure-spoc` - :ref:`sso-aws-spoc` +.. raw:: html + + +

Sign in to Splunk On-Call through SSO: User guide

+ - -.. _sso-onelogin-spoc: - - -OneLogin -------------- - -If you are configuring SSO for OneLogin, the Default relay state is: - - https://portal.victorops.com/auth/sso/<> - - -.. _sso-azure-spoc: - - -Azure Active Directory (SAML-based Sign-on) -------------------------------------------------------- - -If you are configuring SSO for Azure Active Directory, use the following values: - -- Identifier: :samp:`https://victorops.com` -- Reply URL: :samp:`https://sso.victorops.com/sp/ACS.saml2` -- Sign on URL: :samp:`https://portal.victorops.com/auth/sso/<>` -- Relay State: :samp:`https://portal.victorops.com/auth/sso/<>` - - -.. _sso-aws-spoc: - -AWS IAM Identity Center - SAML -------------------------------------------------------- - -If you are configuring SSO for AWS IAM Identity Center: - - -#. In the IAM Identity Center console find the :guilabel:`Applications` tab. -#. Select :guilabel:`Add Application` and look for VictorOps. -#. In the configuration settings ensure you set the fields as follows: - - - Important: Ensure the Session Duration is set to 1hour. - -.. image:: /_images/spoc/sso-aws1.png - :width: 100% - :alt: Application properties page. - -.. image:: /_images/spoc/sso-aws2.png - :width: 100% - :alt: Application metadata page. \ No newline at end of file +See :ref:`sp-sso-users`. \ No newline at end of file diff --git a/sp-oncall/admin/sso/sp-sso-google.rst b/sp-oncall/admin/sso/sp-sso-google.rst index 43944e022..ad2c392a7 100644 --- a/sp-oncall/admin/sso/sp-sso-google.rst +++ b/sp-oncall/admin/sso/sp-sso-google.rst 
@@ -1,44 +1,12 @@ -.. _single-sign-sso-google: +.. _sso-google-spoc: ************************************************************************ -Configure Single Sign-On for Splunk On-Call +Configure Single Sign-On for Splunk On-Call using Google Apps ************************************************************************ .. meta:: :description: Enable Splunk On-Call SSO for your organization. -Requirements -================== - -This integration is compatible with the following versions of Splunk On-Call: - -- Full-Stack - -To enable single sign-on (SSO) for your organization, you will need to provide an updated metadata file and your IDP. If you are interested in setting up SSO, please contact :ref:`Splunk On-Call Support `. - - - -Configure Single Sign On between your Identity Provider (IDP) and Splunk On-Call. Our standard SSO setup uses SAML 2.0 protocol. As long as your IDP can use SAML 2.0 protocol, it can integrate with Splunk On-Call. The exact steps differ depending on which IDP you use, but the process typically involves exporting a .XML metadata file and sending it to our Support team. Once you have sent the .xml file, a Splunk On-Call support specialist will -complete the setup on the back-end and respond with confirmation. - -If your IDP does not have SAML capability, please contact Splunk On-Call Support to explore what alternative options may be available. For details on how to contact Splunk On-Call Support, see :ref:`spoc-support`. - - -Administrator Setup -========================== - -Instructions to complete the SSO configuration with Splunk On-Call and your IDP are provided for: - -- :ref:`sso-okta-spoc` -- :ref:`sso-google-spoc` -- - - -.. _sso-google-spoc: - -Google Apps -================ - To configure SSO for Splunk On-Call using Google Apps: #. Access the Admin portal for Google Apps and navigate to :guilabel:`Apps` then :guilabel:`SAML Apps`. 
@@ -53,7 +21,7 @@ To configure SSO for Splunk On-Call using Google Apps: :width: 100% :alt: Splunk On-Call SSO Google Apps Setup 2 -#. From Step 2 of the wizard, select :guilabel:`Option 2` to download IDP metadata in XML format. Attach and send the downloaded .xml file to :ref:`Splunk On-Call Support `. +#. From step 2 of the guided setup, select :guilabel:`Option 2` to download IDP metadata in XML format. Attach and send the downloaded .xml file to :ref:`Splunk On-Call Support `. .. image:: /_images/spoc/sso-google3.png :width: 100% @@ -67,11 +35,8 @@ To configure SSO for Splunk On-Call using Google Apps: :alt: Splunk On-Call SSO Google Apps Setup 5 #. In the :guilabel:`Service Provider Details` step, enter the following values: - - in the :guilabel:`ACS URL` field: :samp:`https://sso.victorops.com:443/sp/ACS.saml2` - - in the :guilabel:`Entity ID` field: :samp:`victorops.com` - - in the :guilabel:`Start URL` field, enter the following with the correct Organization Slug at the end: :samp:`https://portal.victorops.com/auth/sso/<>.` - - -#. Skip the attribute mapping step and select :guilabel:`Finish`. - + - In the :guilabel:`ACS URL` field: :samp:`https://sso.victorops.com:443/sp/ACS.saml2` + - In the :guilabel:`Entity ID` field: :samp:`victorops.com` + - In the :guilabel:`Start URL` field, enter the following with the correct Organization Slug at the end: :samp:`https://portal.victorops.com/auth/sso/<>.` +#. Skip the attribute mapping step and select :guilabel:`Finish`. \ No newline at end of file diff --git a/sp-oncall/admin/sso/sp-sso-other.rst b/sp-oncall/admin/sso/sp-sso-other.rst new file mode 100644 index 000000000..1a2a29092 --- /dev/null +++ b/sp-oncall/admin/sso/sp-sso-other.rst 
@@ -0,0 +1,49 @@ +.. _sso-other-spoc: + +***************************************************************************************** +Configure Single Sign-On for Splunk On-Call: Other IDPs +***************************************************************************************** + +.. _sso-onelogin-spoc: + +Configure OneLogin Single Sign-On for Splunk On-Call +===================================================== + +If you are configuring SSO for OneLogin, the default relay state is: ``https://portal.victorops.com/auth/sso/`` + +.. _sso-azure-spoc: + +Configure Azure Active Directory Single Sign-On for Splunk On-Call +====================================================================== + +If you are configuring SSO for Azure Active Directory, use the following values: + +- Identifier: :samp:`https://victorops.com` +- Reply URL: :samp:`https://sso.victorops.com/sp/ACS.saml2` +- Sign on URL: :samp:`https://portal.victorops.com/auth/sso/<>` +- Relay State: :samp:`https://portal.victorops.com/auth/sso/<>` + +.. _sso-aws-spoc: + +Configure AWS IAM Identity Center - SAML Sign-On for Splunk On-Call +====================================================================== + +If you are configuring SSO for AWS IAM Identity Center: + +#. In the IAM Identity Center console find the :guilabel:`Applications` tab. +#. Select :guilabel:`Add Application` and look for VictorOps. +#. In the configuration settings ensure you set the fields as follows: + * :guilabel:`Application start URL`: :samp:`https://portal.victorops.com/auth/sso/ssoconfigtester` + * :guilabel:`Relay state`: :samp:`https://portal.victorops.com/auth/sso/ssoconfigtester` + * :guilabel:`Session duration`: 1 hour + * :guilabel:`Application metadata`: Select :guilabel:`Manually type your metadata values` + * :guilabel:`Application ACS URL`: :samp:`https://sso.victorops.com/sp/ACS.saml2` + * :guilabel:`Application SAML audience`: :samp:`victorops.com` + +.. 
image:: /_images/spoc/sso-aws1.png + :width: 75% + :alt: Application properties page. + +.. image:: /_images/spoc/sso-aws2.png + :width: 75% + :alt: Application metadata page. \ No newline at end of file diff --git a/sp-oncall/admin/sso/sp-sso-users.rst b/sp-oncall/admin/sso/sp-sso-users.rst index fa201b7cc..47f3d46d3 100644 --- a/sp-oncall/admin/sso/sp-sso-users.rst +++ b/sp-oncall/admin/sso/sp-sso-users.rst 
@@ -7,94 +7,75 @@ Sign in to Splunk On-Call with SSO .. meta:: :description: Signing into Splunk On-Call with SSO, in the Web UI or on mobile. +Splunk On-Call user can use this topic for steps to log in to Splunk On-Call with SSO. To enable single sign-on (SSO) for your organization see :ref:`single-sign-sso`. - - -Requirements -================== - -This integration is compatible with the following versions of Splunk On-Call: - -- Full-Stack - -To enable single sign-on (SSO) for your organization, you will need to provide an updated metadata file and your IDP. If you are -interested in setting up SSO, please contact :ref:`Splunk On-Call Support `. - - - -Instructions for Users +Obtain your organization slug =============================== -Organization Slug: The phrase "Organization Slug" refers to the slugified version of your organization's name in Splunk On-Call. This process changes your organization name to a lowercase URL-friendly version with no spaces or punctuation, though it may contain dashes. Your Organization Slug can be found at the end of the URL when you are -logged into the Splunk On-Call portal via a web browser. - -Contact your Splunk On-Call administrator or reach out to Splunk On-Call Support if you are having trouble finding your Organization Slug. +Your organization has a URL-friendly "organization slug" in Splunk On-Call. Find your organization slug at the end of the URL when you are logged into the Splunk On-Call portal in a web browser. Contact your Splunk On-Call administrator or reach out to Splunk On-Call Support if you are having trouble finding your organization slug. -A user's login experience on the Splunk On-Call platform will be slightly different after enabling Single Sign-On for your organization. If your organization has not explicitly disabled traditional authentication, users will be able to login as normal with their Splunk On-Call credentials or login via SSO. 
If traditional authentication has been disabled, users will encounter an error message directing them to login via SSO if they attempt to login with their Splunk On-Call credentials. - -Web Client UI -================= - -The SSO login form can be found at this URL: https://portal.victorops.com/auth/sso - -Alternatively, you can create a link or bookmark to skip the typing and bypass the form by appending your company ID to the SSO URL, like this: https://portal.victorops.com/auth/sso/ +.. _sso-linking: -Either of these routes will direct the user's browser to your identity provider, where they will be required to authenticate and are then sent back to the Splunk On-Call timeline. +First-time SSO log in +======================== -Mobile Applications -========================= +If your organization is using SSO you need to complete a one-time linking process between your SSO provider and your Splunk On-Call account. This process creates a link between your external user ID and your Splunk On-Call user ID. If you haven't received an email invitation with the subject “Your invitation to Splunk On-Call”, contact your Splunk On-Call administrator and ask them to send you an invitation. -The Splunk On-Call client for your mobile device will also present a link on the login screen, offering the option to use your SSO credentials. +#. When you receive an email to activate your Splunk On-Call account, create your username and password and complete the account set up process. You will be directed into the Splunk On-Call platform. +#. You need to log out and select :guilabel:`Sign in via SSO”` on the log in page to complete the one-time link process. Verify that you have logged out of Splunk On-Call in every browser you are using and your IDP. +#. You are prompted to :guilabel:`Enter your Org Slug`. -iOS or Android SSO Login -------------------------- + .. image:: /_images/spoc/sso.png + :width: 80% + :alt: Enter your org slug to connect your user ID. 
-On the login screen, select :guilabel:`Sign in with Enterprise SSO`. This link will take you to a form prompting for your Organization Slug. After you enter your company's Organization Slug, you are redirected to your -IDP login page in a mobile browser. Once you log in through the IDP you are automatically logged into Splunk On-Call. +#. You are redirected to your IDP page where you log in using your SSO credentials. -.. _sso-linking: + .. image:: /_images/spoc/sso-org2.png + :width: 80% + :alt: Log in with your SSO credentials. -First-Time SSO Login -======================== +#. Enter your Splunk On-Call username and password. You will only need to enter your Splunk On-Call username and password once. -If your organization is using SSO you will need to do a one-time linking process between your SSO provider and your Splunk On-Call account. This will create a link between your external user ID and your Splunk On-Call user ID. If you have not received an email invitation with the subject “Your invitation to Splunk On-Call”, contact your Splunk On-Call administrator and ask them to send you an invitation. +You are redirected to the Splunk On-Call platform and have finished the one-time SSO linking process. -#. When you receive an email to activate your Splunk On-Call account, create your username and password and complete the account set up process. You will be directed into the Splunk On-Call platform. -#. You need to log out and select :guilabel:`Sign in via SSO”` on the login page to perform the one-time link. Verify that you have logged out of Splunk On-Call in every browser you are using and your IDP. -#. You are prompted to :guilabel:`Enter your Org Slug`. +How to break your SSO linkage +------------------------------- +If you are receiving an error when trying to log in to Splunk On-Call through SSO you may need to break the linkage between your Splunk On-Call username and password and your SSO provider. -.. 
image:: /_images/spoc/sso.png - :width: 100% - :alt: Enter your org slug to connect your user ID. +To break the linkage, ensure you are signed in to your IDP and then paste the following link into the address bar of your browser: :samp:`https://portal.victorops.com/do-defederation`. If the link between your Splunk On-Call credentials and your SSO provider is successfully broken, you will see the following message. -#. You are redirected to your IDP page where you log in using your SSO credentials. + .. image:: /_images/spoc/sso-org3.png + :width: 80% + :alt: VictorOps broken SSO linkage screen +.. note:: You might have to paste the defederation link into your browser multiple times before the message appears. -.. image:: /_images/spoc/sso-org2.png - :width: 100% - :alt: Log in with your SSO credentials. -#. Enter your Splunk On-Call username and password. You will only need to enter your Splunk On-Call username and password once, and then we will not ask for it again. +To re-associate your Splunk On-Call username and password with your SSO provider, repeat the linking steps in :ref:`sso-linking`. -You are redirected to the Splunk On-Call platform and have finished the one-time SSO linking process. +Your login experience +========================= +Your log in experience on the Splunk On-Call platform is different after enabling Single Sign-On for your organization. If your organization has not explicitly disabled traditional authentication, you will be able to log in as normal with your Splunk On-Call credentials or log in through SSO. If traditional authentication has been disabled, you will see an error message to login through SSO if you attempt to login with your Splunk On-Call credentials. 
-How to break your SSO linkage -========================================== +Web Client UI +---------------- -If you are receiving an error when trying to log into Splunk On-Call through SSO you may need to break the linkage between your Splunk On-Call username and password and your SSO provider. +The SSO log in form can be found at this URL: https://portal.victorops.com/auth/sso -To break the linkage, ensure you are signed in to your IDP and then paste the following link into the address bar of your browser: :samp:`https://portal.victorops.com/do-defederation` . If the link between your Splunk On-Call credentials and your SSO provider is successfully broken, you will see the error, shown below. +Alternatively, you can create a link or bookmark to bypass the SSO form. To do so, append your organization slug to the SSO URL, like this: ``https://portal.victorops.com/auth/sso/`` -.. note:: You may have to paste the defederation link into your browser multiple times before the below error message will appear. +Either of these routes will direct your browser to your identity provider, where you are required to authenticate and are then sent back to the Splunk On-Call timeline. +Mobile Applications +---------------------- -.. image:: /_images/spoc/sso-org3.png - :width: 100% - :alt: VictorOps broken SSO linkage screen +The Splunk On-Call client for your mobile device also presents a link on the log in screen offering the option to use your SSO credentials. -To re-associate your Splunk On-Call username and password with your SSO provider, repeat the linking steps in :ref:`sso-linking`. +iOS or Android SSO log in +------------------------- -If you have any questions or experience any issues, contact Splunk On-Call Support. +On the log in screen, select :guilabel:`Sign in with Enterprise SSO`. This link takes you to a form prompting you for your organization slug. 
After you enter your company's organization slug, you are redirected to your IDP log-in page in a mobile browser. Once you log in through the IDP you are automatically logged into Splunk On-Call. diff --git a/sp-oncall/alerts/alerts-main.rst b/sp-oncall/alerts/alerts-main.rst index 7aafba528..888f45096 100644 --- a/sp-oncall/alerts/alerts-main.rst +++ b/sp-oncall/alerts/alerts-main.rst @@ -23,7 +23,6 @@ Manage alerts incident-fields-glossary maintenance-mode notification-alert-aggregation - team-dashboard team-escalation-policy multiple-escalation-policies war-room diff --git a/sp-oncall/alerts/multiple-escalation-policies.rst b/sp-oncall/alerts/multiple-escalation-policies.rst index 65f68a31e..34272e1a4 100644 --- a/sp-oncall/alerts/multiple-escalation-policies.rst +++ b/sp-oncall/alerts/multiple-escalation-policies.rst @@ -1,6 +1,6 @@ -.. _mult-escalation-policies: +.. _multi-escalation-policies: ************************************************************************ Multiple escalation policies best practices diff --git a/sp-oncall/alerts/team-dashboard.rst b/sp-oncall/alerts/team-dashboard.rst deleted file mode 100644 index 86dad0cd3..000000000 --- a/sp-oncall/alerts/team-dashboard.rst +++ /dev/null 
@@ -1,89 +0,0 @@ - - -.. _incident-review-spoc: - -************************************************************************ -About the Splunk On-Call post-incident review -************************************************************************ - -.. meta:: - :description: Learn how to manually take an on-call shift from someone in real-time. Ideal for unexpected absences from work when you're on-call. - - -Team Dashboard -============== - -The Splunk On-Call Team Dashboard provides a comprehensive overview of incidents. This view automatically defaults to the teams that you are a member of and allows teams to dive into the details, understand the status. - -All incidents derived from integrated monitoring tools in the incident table include their respective logos to help you rapidly identify the -source of an alert. Manually created incidents, along with incidents originating from the Email Endpoint or the REST API integrations, will -remain logo free. - -Information Alerts can still be found on the `Timeline Page. `__ - -|image| - - -Filters -------- - -The filters provide an easy way for you to see exactly what you are looking for and nothing else. Whether you want to filter by team or by incident state, these filters allow for you to see only what is relevant to you. You can filter the incident table first by team status (with default team associations), as well as incident state. - -image _images/spoc/Filters-scaled.jpg - -Incident Table --------------- - -Quickly identify responsible parties during a firefight by easily seeing which policies are being paged, take action on an incident (acknowledge, add responder, reroute, snooze, resolve), and see the status of incidents. You can also find annotation counts, chats, and associated alerts. 
- -image: _images/spoc/Incidents-scaled.jpg - -Manual Incident Creation -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -You can create a manual incident from the team dashboard by selecting -“Create Incident” in the top right corner `following these -instructions `__. - -Incident War Rooms -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Access *Incident Details* directly from the *Team Dashboard* by clicking -the *incident number* link—this will expand the incident and its event -history in the `Incident War -Room. `__  - -People Table ------------- - -See a list of users that are on-call for the teams that you have -filtered for. You can see which teams that these users are on call for, -as well as clicking the user's name to take on-call or see these user's -upcoming shifts. - -You can navigate to the team's view below to see other user's associated -with teams. - -Take On-Call from Another User -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Navigate to a user in the on-call list, and click the user's name. From -here, you can take the shift from a user from the pop over. - -To revert an on-call take, click the “clear take” button from the -popover associated with your profile. - -_images/spoc/People-Table.jpg - -_images/spoc/Take-On-Call.jpg - -  - -Status Page -~~~~~~~~~~~ - -You can relay service status updates via statuspage.io by `following -these -instructions. `__ - -.. |image| image:: /_images/spoc/Screen-Shot-2020-08-18-at-9.22.05-AM.png diff --git a/sp-oncall/alerts/team-escalation-policy.rst b/sp-oncall/alerts/team-escalation-policy.rst index 7ff3f920d..d09c76dab 100644 --- a/sp-oncall/alerts/team-escalation-policy.rst +++ b/sp-oncall/alerts/team-escalation-policy.rst 
@@ -12,8 +12,8 @@ Escalation policies determine set who is actually on-call for a given team and a Some things to note: - Only Team and Global Admins are able to make changes to Escalation Policies -- Only users specified in the first step of an Escalation Policy will receive Timeline and Push notifications that they are on-call and will log hours in the on-call report as being on-call. If you would like users in subsequent steps of an escalation policy to receive these notifications and log these hours, see `this guide. `__ -- When an Escalation Policy is executed and a user is being notified, the user's `personal paging policy `__ determines how they will be contacted. +- Only users specified in the first step of an Escalation Policy will receive Timeline and Push notifications that they are on-call and will log hours in the on-call report as being on-call. If you would like users in subsequent steps of an escalation policy to receive these notifications and log these hours, see :ref:`multi-escalation-policies`. +- When an Escalation Policy is executed and a user is being notified, the user's personal paging policy determines how they will be contacted. See :ref:`custom-paging-policy`. Steps to Creating an Escalation Policy ============================================ @@ -64,7 +64,7 @@ A number of escalation actions are available. The different options are as follo - This will notify every member of the team that the escalation policy is created for regardless of the time of day. All users on the team will be paged for an incident, but only one user is required to ack the incident. * - Execute webhook - - This will execute the `Escalation Webhook `__ of your choosing + - This will execute the escalation webhook of your choosing. See :ref:`escalation-webhooks`. * - Send an email to email address - This will send an email to the email address you specify 
@@ -95,4 +95,4 @@ Features and Benefits of using Multiple Escalation Policies - Reuse Policies Across Teams: Reuse globally available escalation policies across multiple teams. -For more detailed examples on how to benefit from the use of multiple escalation policies, see :ref:`mult-escalation-policies`. +For more detailed examples on how to benefit from the use of multiple escalation policies, see :ref:`multi-escalation-policies`. diff --git a/sp-oncall/incidents/incident-pane.rst b/sp-oncall/incidents/incident-pane.rst index bfef15d70..64816ac78 100644 --- a/sp-oncall/incidents/incident-pane.rst +++ b/sp-oncall/incidents/incident-pane.rst @@ -30,7 +30,7 @@ Incident Pane Versions Supported: N/A (SaaS) VictorOps Version Required: Standard andEnterprise -The Incident Pane serves as a repository for recent activities in your Timeline. The Incident Pane, located to the right of the Timeline, houses alerts that come into Splunk On-Call. We currently store seven days or 1,000 events worth of timeline alert history, whichever comes first. Historical data that fall outside of the aforementioned storage parameters of the Incident Pane may be obtained through the use of the :new-page:`VictorOps API `. +The Incident Pane serves as a repository for recent activities in your Timeline. The Incident Pane, located to the right of the Timeline, houses alerts that come into Splunk On-Call. We currently store seven days or 1,000 events worth of timeline alert history, whichever comes first. Historical data that fall outside of the aforementioned storage parameters of the Incident Pane may be obtained through the use of the :ref:`spoc-api`. .. raw:: html diff --git a/sp-oncall/notifications/call-notification-numbers.rst b/sp-oncall/notifications/call-notification-numbers.rst index 3a1a1274f..ce215fc1d 100644 --- a/sp-oncall/notifications/call-notification-numbers.rst +++ b/sp-oncall/notifications/call-notification-numbers.rst 
@@ -1,5 +1,3 @@ - - .. _call-notif: ************************************************************************ 
@@ -7,37 +5,31 @@ Splunk On-Call notification phone numbers ************************************************************************ .. meta:: - :description: Splunk On-Call will contact you for triggered incidents using the below phone numbers and short code. You may add these numbers to your contacts in the Mobile App for both `Android `__ and `iOS `__ devices by navigating to *Settings >> Help and Support >>* *Add VictorOps to Your Contacts:* + :description: Splunk On-Call contacts you for triggered incidents using the following phone numbers and short code. + +Splunk On-Call contacts you for triggered incidents using the following phone numbers and short code. To add these numbers to your contacts in the Splunk On-Call mobile app, go to :guilabel:`Settings` then :guilabel:`Help and Support` then :guilabel:`Add VictorOps to Your Contacts`. For more information about the Splunk On-Call mobile app, see :ref:`spoc-mobile-main` .. image:: /_images/spoc/Add-Contacts-Android-1.png -**Short Code (US and Canada SMS only):** -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Short code (US and Canada SMS only) +====================================== 842867 -**Long Codes:** -^^^^^^^^^^^^^^^ - -303.653.9527 - -303.653.9644 - -303.653.9674 - -303.578.1340 - -303.835.0913 - -**International Numbers:** -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Czech Republic (SMS only): +420 736352147 - -Poland (Phone & SMS): +48 799448785 +Long codes +============= -Singapore (SMS only): +65 82410345 +* 303.653.9527 +* 303.653.9644 +* 303.653.9674 +* 303.578.1340 +* 303.835.0913 -Australia (Phone only): +61 2 6190 1305 +International numbers +======================== -Australia (SMS only): +61 476 857 069 +* Czech Republic (SMS only): +420 736352147 +* Poland (Phone & SMS): +48 799448785 +* Singapore (SMS only): +65 82410345 +* Australia (Phone only): +61 2 6190 1305 +* Australia (SMS only): +61 476 857 069 \ No newline at end of file 
diff --git a/sp-oncall/reports/incident-frequency-report.rst b/sp-oncall/reports/incident-frequency-report.rst index b657715e4..cc59e24f9 100644 --- a/sp-oncall/reports/incident-frequency-report.rst +++ b/sp-oncall/reports/incident-frequency-report.rst @@ -1,15 +1,12 @@ - .. _incident-frequency: ************************************************************************ -Splunk On-Call Incident Frequency Report +Splunk On-Call incident frequency report ************************************************************************ .. meta:: :description: About the user roll in Splunk On-Call. - - The goal of our Incident Frequency Report is to give your team the data and context around incidents to be proactive in your incident management response. 
@@ -20,16 +17,12 @@ This integration is compatible with the following versions of Splunk On-Call: - Enterprise -All users have the ability to reach out to Splunk On-Call support at any time with questions. - -Live Chat: If you are logged into your Splunk On-Call instance, you will have the ability to Live Chat with the Splunk On-Call Support team. -While the Splunk On-Call Timeline gives you the real-time firehose to give your team full context during a firefight, our Incident Frequency Report allows your team to analyze the flow of incidents after the fact. Allowing you to go upstream to solve the incident causing the problem in your system. +While the Splunk On-Call Timeline gives you the real-time information to give your team full context during a firefight, use the incident frequency report to analyze the flow of incidents after the fact. -To access the Incident Frequency Report navigate to :guilabel:`Reports`, then :guilabel:`Incident Frequency`. +To access the Incident Frequency Report go to :guilabel:`Reports` then :guilabel:`Incident Frequency`. - -Team Filtering +Team filtering ======================== Get a holistic overview of all incidents coming into Splunk On-Call by selecting the :guilabel:`All`, or take a deep dive into individual teams to uncover specific problem areas affecting your team. @@ -48,9 +41,7 @@ Identifying the problem causing area is hard to pin down, so we give you the abi :width: 100% :alt: There are four options to segment your incidents: integrations, host, service, or route key. - - -Date Range & Bucketing +Date range and bucketing -------------------------- See how incident trends impact your team on a daily, weekly, or monthly basis. It's up to you how granular your scope can be. @@ -59,8 +50,6 @@ See how incident trends impact your team on a daily, weekly, or monthly basis. I :width: 100% :alt: Segment reports by date range. - - Table view and hover state ------------------------------- 
@@ -83,7 +72,7 @@ Things to note about the CSV: - Timestamps are at millisecond granularity - CSV is sorted by Incident ID in descending order -CSV File Column Headings +CSV file column headings ---------------------------------- When downloading the Incident Frequency CSV file you can expect to find the following columns to include the unit of time/timezone that the incident is recorded in. Time related column headings will appear in these formats: @@ -94,8 +83,8 @@ Incident Start Time (UTC) Acknowledge Time (UTC) Resolve Time (UTC) -Incident Frequency Report: CSV field definitions -======================================================= +Incident frequency report: CSV field definitions +----------------------------------------------------- The following is a quick glossary to define fields in the IFR CSV download. These definitions sometimes differ from the Glossary of Incident Fields. @@ -152,9 +141,4 @@ The following is a quick glossary to define fields in the IFR CSV download. Thes * - Last alert time - The time of the last alert. * - Current phase - - The state of incident: Triggered, Ack'd, Resolved - - - - -https://help.victorops.com/knowledge-base/incident-fields-glossary/#glossary-of-fields + - The state of incident: Triggered, Ack'd, Resolved \ No newline at end of file diff --git a/sp-oncall/reports/post-incident-review.rst b/sp-oncall/reports/post-incident-review.rst index 8df731698..2c0663e06 100644 --- a/sp-oncall/reports/post-incident-review.rst +++ b/sp-oncall/reports/post-incident-review.rst 
@@ -1,18 +1,14 @@ .. _post-incident-review: ************************************************************************ -About the Splunk On-Call post-incident review +Creating a post-incident review report ************************************************************************ .. meta:: - :description: Learn about the . - + :description: The post-incident review report from Splunk On-Call allows you to gain historical insight on events surrounding a particular incident or range of time, so the next time a similar situation arises, you have a documented account of how you solved the problem. We believe it's important to not just catalog what happened in an incident, but to analyze the event in its entirety, and define actionable steps that help a team or organization dive deeper into the data. -Creating a post-incident review report ------------------------------------------ - To create a Post-Incident Review Report, access the Splunk On-Call web portal, and then select :guilabel:`Reports`. Select the :guilabel:`Post-Incident Reviews` option and select :guilabel:`New Report`. Enter a title and select :guilabel:`Create Report`. diff --git a/sp-oncall/spoc-integrations/alertsite-integration.rst b/sp-oncall/spoc-integrations/alertsite-integration.rst index 842262541..b6794713b 100644 --- a/sp-oncall/spoc-integrations/alertsite-integration.rst +++ b/sp-oncall/spoc-integrations/alertsite-integration.rst 
@@ -32,14 +32,12 @@ To enable the AlertSite integration in Splunk OnCall to be able to trigger and r db212e48-……8669\:strong:`+databaseteam`\ @alert.victorops.com - Team routing keys are configured at the bottom of the Settings > Integrations page. For details, see `Routing Keys `. + Team routing keys are configured at the bottom of the :guilabel:`Settings` then :guilabel:`Integrations`` page. For details, see :ref:`spoc-routing-keys`. #. If you do not use routing, remove the *+$routing_key* part, including the plus sign, so that the email looks like this: ``db212e48-……8669@alert.victorops.com`` - - Configuring AlertSite ============================== diff --git a/sp-oncall/spoc-integrations/bugsnag-integration.rst b/sp-oncall/spoc-integrations/bugsnag-integration.rst index 3a1c56df5..28903819d 100644 --- a/sp-oncall/spoc-integrations/bugsnag-integration.rst +++ b/sp-oncall/spoc-integrations/bugsnag-integration.rst 
@@ -1,64 +1,24 @@ -Bugsnag integration for Splunk On-Call +BugSnag integration for Splunk On-Call ********************************************************** -[ht_toggle title=“Requirements” id=“” class=“” style=“” ] +Use this guide to send your BugSnag team notifications to the Splunk On-Call timeline. -**Versions Supported: N/A (SaaS)** +Requirements +================ -**VictorOps Version Required:** Starter, Growth, or Enterprise +Splunk On-Call required version: Starter, Growth, or Enterprise -[/ht_toggle] +In Splunk On-Call +==================== -Bugsnag's cross platform error monitoring automatically detects crashes -in your applications, letting you ship with confidence. +#. From the main timeline select :guilabel:`Integrations` then :guilabel:`BugSnag`. +#. If the integration has not yet been enabled, select :guilabel:`Enable Integration`. Copy the :guilabel:`Service API Key` to your clipboard. +#. Once you have copied the API key to your clipboard, select :guilabel:`Settings` then :guilabel:`Routing Keys` to find your routing key configuration. Decide which routing_key will be used with this integration and make sure it is associated to the correct teams. You might need to create a new key.Routing keys are case sensitive. -The following will guide you through the steps needed to send you -bugsnag “Team Notifications” into the Splunk On-Call timeline. +In BugSnag +================== -**In Splunk On-Call** ---------------------- - -From the main timeline select **Integrations** *>>* **BugSnag** - -If the integration has not yet been enabled, click the “Enable Integration” button.  Copy the “Service API Key” to your clipboard. -.. image1 - -Once you have copied the API key to your clipboard, click on *Settings ->> Routing Keys* page to find your routing key configuration.  Decide -which routing_key will be used with this integration and make sure it is -associated to the correct team/s.  (You may need to create a new key) - Routing keys are case sensitive. 
- -.. image:: /_images/spoc/atatus2.png - :alt: atatus2 - - atatus2 - -**In Bugsnag** --------------- - -From the main web client, go into Settings. - -.. image:: /_images/spoc/bugsnag2.png - :alt: bugsnag2 - - bugsnag2 - -In settings, select **Team Notifications** and then **VictorOps**. - -.. image:: /_images/spoc/bugsnag3.png - :alt: bugsnag3 - - bugsnag3 - -Setup the alert to notify based on the options provided, and then drop -in your “VictorOps API Key” and the appropriate -`Routing `__ key. -Hit **save** and you are done! - -.. image:: /_images/spoc/bugsnag4.png - :alt: bugsnag4 - - bugsnag4 - -.. |image1| image:: /_images/spoc/Integration-Bugsnag-final.png +#. From the main web client, go into :guilabel:`Settings`. +#. In settings, select :guilabel:`Team Notifications` then :guilabel:`VictorOps`. +#. Set up the alert to notify based on the options provided, and then paste in your :guilabel:`VictorOps API Key` and the routing key. +#. Select :guilabel:`Save`. diff --git a/sp-oncall/spoc-integrations/hipchat-integration.rst b/sp-oncall/spoc-integrations/hipchat-integration.rst index 0f3967071..f9a424600 100644 --- a/sp-oncall/spoc-integrations/hipchat-integration.rst +++ b/sp-oncall/spoc-integrations/hipchat-integration.rst 
@@ -1,34 +1,22 @@ HipChat integration for Splunk On-Call ********************************************************** -[ht_toggle title=“Requirements” id=“” class=“” style=“” ] +Use the bi-directional integration between HipChat and Splunk On-Call to fight fires from either platform and never miss a beat. All messages entered in the Splunk On-Call timeline, including alerts, on-call changes, escalations and chats appear in the HipChat room, and vice versa. -**Splunk On-Call Version Required: Starter / Growth** for **Single Room, -Enterprise** for **Multi-Room** - -**What you need to know: Multi-Room requires the Rules Engine and -Webhooks i.e. Splunk On-Call Enterprise** - -[/ht_toggle] - -This bi-directional integration between HipChat and Splunk On-Call -(formerly called VictorOps) allows you to fight fires from either -platform and never miss a beat. All messages entered in the Splunk -On-Call timeline, including alerts, on-call changes, escalations and -chats will appear in the HipChat room, and vice versa. +Requirements +============== -This article provides step by step instructions for setting up the -integration for a Single Room or Multi-Room configuration. +* Splunk On-Call required version: Starter or Growth for Single Room, Enterprise for Multi-Room --------------- +Use these step by step instructions to set up the integration for a Single Room or Multi-Room configuration. -**Single Room** +Single Room =============== -**In Splunk On-Call** +In Splunk On-Call --------------------- -In Splunk On-Call, select *Integrations >> Hipchat*\ **.** +#. In Splunk On-Call, select :guilabel:`Integrations` then :guilabel:`Hipchat`. If the integration has not yet been enabled, click the *Enable Integration* button to generate your endpoint URL.  Be sure to replace 
@@ -143,9 +131,8 @@ This will allow you to change the room_id and auth_token depending on the type of alert. In the example we match on the routing key “devops” but you can match on any alert field. -Next we will need to set up an `Outbound -Webhook `__ -to send Splunk On-Call information to your HipChat room(s). +Next we will need to set up an Outbound +Webhook to send Splunk On-Call information to your HipChat room(s). See :ref:`custom-outbound-webhooks` for steps. From the Splunk On-Call timeline select Integrations *>> Outgoing Webhooks >>* *Add Webhook*. diff --git a/sp-oncall/spoc-integrations/icinga-integration.rst b/sp-oncall/spoc-integrations/icinga-integration.rst index 8dd56d46e..84dcbc347 100644 --- a/sp-oncall/spoc-integrations/icinga-integration.rst +++ b/sp-oncall/spoc-integrations/icinga-integration.rst @@ -277,7 +277,7 @@ You need to link the timeout command to a directory that is in the path. Icinga version 2 configuration =================================== -After going through the preceeding installation instructions for Icinga (or `Nagios `__), use the following steps to add the VictorOps plugin to your Icinga 2 instance. +After going through the preceding installation instructions for Icinga (or Nagios see :ref:`nagios-spoc`), use the following steps to add the VictorOps plugin to your Icinga 2 instance. You can find these steps in the README.md file in /opt/victorops/nagios_plugin/icinga2_conf diff --git a/sp-oncall/spoc-integrations/integrations-main.rst b/sp-oncall/spoc-integrations/integrations-main.rst index fb2503dc0..234d26739 100644 --- a/sp-oncall/spoc-integrations/integrations-main.rst +++ b/sp-oncall/spoc-integrations/integrations-main.rst @@ -69,7 +69,6 @@ Splunk On-Call integrations logz-io-integration mailhop-integration manage-splunk-oncall-using-terraform - microsoft-azure-oms-integration-guide-victorops microsoft-scom-integration microsoft-teams-integration-guide nagios-integration-guide 
@@ -110,7 +109,6 @@ Splunk On-Call integrations solarwinds-integration splunk-integration-guide splunk-synthetic-monitoring-integration-guide - splunking-victorops-data statuscast-integration-guide statushub-integration-guide statuspage-integration diff --git a/sp-oncall/spoc-integrations/jenkins-integration.rst b/sp-oncall/spoc-integrations/jenkins-integration.rst index 074a6b7b5..f168d0a5d 100644 --- a/sp-oncall/spoc-integrations/jenkins-integration.rst +++ b/sp-oncall/spoc-integrations/jenkins-integration.rst @@ -25,8 +25,7 @@ This integration is compatible with the following versions of Splunk On-Call: The remainder of this topic walks you through the Jenkins integration with Splunk On-Call. .. note:: - There are two Jenkins integrations, this one with Splunk On-Call, and the :new-page:`Jenkins Delivery Insights Integration `, - which sends notifications to the Timeline about build status. + There are two Jenkins integrations, this one with Splunk On-Call, and the Jenkins Delivery Insights Integration which sends notifications to the Timeline about build status. See :ref:`jenkins-delivery-spoc` to learn more. Splunk On-Call configuration ------------------------------ diff --git a/sp-oncall/spoc-integrations/microsoft-azure-oms-integration-guide-victorops.rst b/sp-oncall/spoc-integrations/microsoft-azure-oms-integration-guide-victorops.rst deleted file mode 100644 index d75041e41..000000000 --- a/sp-oncall/spoc-integrations/microsoft-azure-oms-integration-guide-victorops.rst +++ /dev/null 
@@ -1,123 +0,0 @@ -Azure OMS integration for Splunk On-Call -********************************************************** - -Microsoft Azure Monitor allows you to gain visibility and control across -your hybrid cloud with simplified operations management and security. -This integration allows you to make use of VictorOps incident management -for all your Azure alerts. - -The following will guide you through the integration. Microsoft Azure -OMS has been deprecated, but we will leverage the same endpoint in -VictorOps with the below steps to receive alerts from Azure Monitor. - -**In VictorOps**. ------------------ - -First you must enable the Microsoft Azure integration. - -.. image/_images/spoc/Navigate-to-Integrations.png - -Select the **Microsoft Azure OMS** integration option. - -Click **Enable Integration**. - -Copy the **Service API Endpoint** to your clipboard. Make sure to -update the `Routing -Key `__. - -.. image/_images/spoc/API-key-for-Azure-Integration.png - -**In Azure OMS** ----------------- - -  - -**Logic App** - -Create a `Logic -App `__. The Logic App -will serve as the central structure for the integration with VictorOps. -Follow these steps: - -- **Create a new Logic App** by clicking the *Create Resource* button - in the top left corner of the Azure Portal. You can equivalently - follow the first couple steps - in `this `__ documentation. 
-- **Name the application** whatever you'd like, but preferably - ‘VictorOps' -- **Select** an existing **Resource Group** or create a new one -- For now, at least, check the box to pin the application to the - dashboard -- Click **create**, it will now take a few moments to deploy -- From the dashboard, select the Logic App you have just created.From - the Logic App blade, select Logic App Designer -- For the trigger condition, select “**When an HTTP Request is - received**” - -  - -- Click **New Step, s**\ elect **Add an Action** -- Select **Request Response** -- |image2| -- For now, you can just leave it as responding with a 200 status code -- Click :guilabel:`New Step`, select :guilabel:`Add an Action` - -Select :guilabel:`HTTP - HTTP`. - -- Method: **POST** - -- URL: **VictorOps Azure Integration Endpoint** (Previously copied) - -- Headers: **Content-Type** | **application/json** - -- Body: - -{ “data”:“@triggerBody()”, -“entity_display_name”:“@triggerBody()\\['data'\\]\\['status'\\]”, -“entity_id”:“@triggerBody()\\['data'\\]\\['context'\\]\\['activityLog'\\]\\['eventDataId'\\]”, -“message_type”:“@if(equals(triggerBody()\\['data'\\]\\['status'\\],'Activated'),'critical','recovery')”, -“state_message”:“@triggerBody()\\['data'\\]\\['context'\\]\\['activityLog'\\]\\['properties'\\]\\['responseBody'\\]” -} - -- The azure variables for each field can be changed for customized - alerts in VictorOps. The azure variables include: timestamp, id, - name, conditiontype, condition, severity, subscriptionId, - resourceGroupName, resourceName, resourceType, resourceId, - portalLink. -- Below is the code view of the body. This is the best spot to edit the - values in the payload - -.. image/_images/spoc/Code-view-post-payload.png - -- Once you finish editing the payload, double check all the values in - the HTTP post action and save. -- Back in the Logic App Designer and under the “*When an HTTP Request - is Received*”, the url has now been generated. 
**Copy this url** to - the clipboard. - -**Alerts** - -In order to send requests to trigger the Logic App just made we can -leverage the Alerting which is native to Azure's Monitoring -functionality. Follow these steps: - -1. From the left menu pane, select **Monitoring**>> **Alerts** >> **New - Alert Rule** -2. Define the alert trigger. -3. Define the alert details with any name and description -4. For the last step, select a **New Action Group**, this action group - will fire a webhook towards your new Logic App. - - 1. For all the names, fill in a value of “victorops” - 2. For the action, select webhook - 3. For the url of the webhook, **paste the url copied earlier** from - the Logic App - -5. Save - -Alerts should now flow into the VictorOps timeline based on the trigger -conditions. If you have any questions, please contact `VictorOps -support `__. - -.. |image1| image:: /_images/spoc/Logic-App-Designer.png -.. |image2| image:: /_images/spoc/Response-200.png diff --git a/sp-oncall/spoc-integrations/pingdom-integration.rst b/sp-oncall/spoc-integrations/pingdom-integration.rst index 61eb5b569..cd7fd738c 100644 --- a/sp-oncall/spoc-integrations/pingdom-integration.rst +++ b/sp-oncall/spoc-integrations/pingdom-integration.rst @@ -38,8 +38,7 @@ assuming a routing_key value of "database": Routing keys in Splunk On-Call can be set up and associated by clicking on *Settings >> Route Keys.* -For more information on routing keys and best practices, see :new-page:`Routing keys in Splunk On-Call `. - +For more information on routing keys and best practices, see :ref:`spoc-routing-keys`. Pingdom configuration ====================== 
@@ -49,8 +48,7 @@ Select :guilabel:`Integrations` from the menu bar, click the "Integrations" opti In the :guilabel:`Add Integration` window, use the drop-down menu for :guilabel:`Type` to select :guilabel:`Webhook`. Give the webhook a name, and paste in the webhook URL provided by Splunk On-Call. Be sure to replace the "$routing_key" section -with your actual `routing -key `__. +with your actual routing key. Click :guilabel:`Save Integration`. diff --git a/sp-oncall/spoc-integrations/sensu-integration.rst b/sp-oncall/spoc-integrations/sensu-integration.rst index 576bbe3f2..fc9550571 100644 --- a/sp-oncall/spoc-integrations/sensu-integration.rst +++ b/sp-oncall/spoc-integrations/sensu-integration.rst @@ -70,8 +70,6 @@ Splunk On-Call Handler # # Released under the same terms as Sensu (the MIT license); see LICENSE # for details. - # Downloaded from: - # https://help.victorops.com/knowledge-base/victorops-sensu-integration/# require 'rubygems' if RUBY_VERSION < '1.9.0' require 'sensu-handler' diff --git a/sp-oncall/spoc-integrations/sentry-integration-guide-victorops.rst b/sp-oncall/spoc-integrations/sentry-integration-guide-victorops.rst index 3806fa49c..50638296d 100644 --- a/sp-oncall/spoc-integrations/sentry-integration-guide-victorops.rst +++ b/sp-oncall/spoc-integrations/sentry-integration-guide-victorops.rst @@ -35,8 +35,7 @@ From your project select :guilabel:`Settings` then :guilabel:`Integrations` and .. image:: /_images/spoc/Screen_Shot_2019-12-16_at_11_59_42_AM.png -Paste in your API key, select the appropriate `Routing -Key `__. Next, +Paste in your API key, select the appropriate Routing Key. Next, select :guilabel:`Save Changes` and then :guilabel:`Enable Plugin`. To send alerts using Splunk On-Call, you need to diff --git a/sp-oncall/spoc-integrations/setup-single-sign-on-sso-and-user-provisioning-with-okta-beta.rst b/sp-oncall/spoc-integrations/setup-single-sign-on-sso-and-user-provisioning-with-okta-beta.rst index bb37c6b27..7ed371e06 100644 
--- a/sp-oncall/spoc-integrations/setup-single-sign-on-sso-and-user-provisioning-with-okta-beta.rst +++ b/sp-oncall/spoc-integrations/setup-single-sign-on-sso-and-user-provisioning-with-okta-beta.rst @@ -26,9 +26,7 @@ Important Notes --------------- - This article explains how to set up SSO using SCIM/ULM configuration. - If you need to set up SSO using **SAML configuration** instead, - please see `this - article `__. + If you need to set up SSO using **SAML configuration** instead, see :ref:`single-sign-sso` - Configuring SCIM Single Sign-On and initial activation of Okta provisioning with Splunk On-Call (formerly VictorOps) is currently not a self-service process and requires contacting the Support team. @@ -152,10 +150,8 @@ your clipboard, and click **Done**.   -8. Once you configure the **General** and **Sign-On** options, please -`open a support -ticket `__ -with subject “Okta SCIM setup request” and ask to configure Okta SCIM +8. Once you configure the **General** and **Sign-On** options, please open a support +ticket with subject “Okta SCIM setup request” and ask to configure Okta SCIM SSO for your Splunk On-Call organization. Provide the URL link you copied from the **Identity Provider metadata** from step 7 above and the list of users you will be assigning to the VictorOps (Beta) App in Okta. 
@@ -176,12 +172,12 @@ login as Global Admin to Splunk On-Call. 2. Navigate to **Integrations** >> **API**. If API Access is disabled, click on **Activate API Access**. More details on API access can be -found `here `__. +found here :ref:`spoc-api`. -3. Click on **Integrations >> 3rd Party Integrations**. Search for +1. Click on **Integrations >> 3rd Party Integrations**. Search for “Okta” in the search bar and click on the resulting tile. -4. In the result page, click on **Enable Integration** which will +2. In the result page, click on **Enable Integration** which will generate a bearer token as shown below. If Okta is already enabled and you wish to generate a new token, click **Revoke Token** and reenable the integration. diff --git a/sp-oncall/spoc-integrations/splunking-victorops-data.rst b/sp-oncall/spoc-integrations/splunking-victorops-data.rst deleted file mode 100644 index 719b4b617..000000000 --- a/sp-oncall/spoc-integrations/splunking-victorops-data.rst +++ /dev/null 
@@ -1,525 +0,0 @@ -Splunk Add-on integration for Splunk On-Call -********************************************************** - -The Splunk Add-on for On-Call (VictorOps) is a downloadable add-on -(similar to an app) that will ingest Splunk On-Call data into Splunk -using the `Splunk On-Call public -API `__. The add-on -includes pre-built dashboards to help you quick-start visualizing your -Splunk On-Call data. - -The add-on is installed on a heavy forwarder and will play nicely with -any other add-ons also installed. The add-on will create an input data -source for users, teams, on-call, and incidents. The polling interval -can be defined for each data source and data sources can be selected or -deselected depending on the data desired. - -For each type of data, the script will check to see if the API response -contains duplicate data, and if so, then the data is not indexed. For -example, all users will be polled on the interval, however, if for some -user A data looks the same, then it won't be indexed; if the user -updated their paging policy then the data will be indexed. This is -important because it will ensure that the Splunk On-Call data is a -*very* low amount. - -These reports can provide real-time visibility across multiple Splunk -On-Call instances and offer highly granular and customizable reporting. - -**Splunk Versions Supported:** - -- Splunk Enterprise, Splunk Cloud - - Platform Version: 9.0\*, 8.2\*, 8.1\*, 8.0\*, 7.3 - -- Python version 2 or 3 is supported - -\* there is presently an outstanding issue affecting the calendar -display on certain Splunk versions - -**General Requirement:** - -- **You will need an active Splunk On-Call instance before you begin.** - `Click here `__ **to start a free 14-day - trial.** -- **On-Prem**  - - - customers will need to open **port 443** for outgoing https - communication with Splunk On-Call. 
- - Proxy is supported (available with 1.0.5 version and above) from - the Splunk base `HERE `__ - or `contact support `__ for the - most recent version. - -**Important Notes:** - -- As there are both dashboards and data inputs for the add-on, both - - will need to be configured in all Search Heads and heavy forwarders - -- We recommend using one index per input, but it is possible to have - multiple inputs write into a single index. - -- The add-on requires macros. It is always good idea to double-check - your macros and make sure they are pointed toward the correct - indexes. - - - |image1| - -- The add-on supports proxy configurations - -**Set-Up Instructions** ------------------------ - -After downloading the add-on from the Splunk base -`here `__, it needs to be -installed. Navigate to Apps > Manage Apps >> Install App From File and -import the .tar.gz file downloaded previously. - -The Splunk add-on for On-Call should now be visible as an app in Splunk, -navigate to the app. Under Inputs, select Create New Input and choose a -type of data you would like Splunk to ingest from Splunk On-Call. For -all data types the input configuration options will look like below: - -.. image:: /_images/spoc/Screen_Shot_2020-08-06_at_9_58_34_AM.png - -- **Name** – this is a unique name for the data input. As a best - practice, choose a name that accurately represents the input. For - example, use something like vo_users\_. -- **Interval** – this is the polling interval, in seconds, at which the - Splunk On-Call API will be polled. Keep in mind the time scale that - is desired to see changes reflected in Splunk, the rate at which - updates happen in Splunk On-Call, and the resource consumption of - running the polling scripts when selecting this number.  - - - We recommend the polling interval for incidents and on call to be - around 300 seconds. While the polling interval for teams and users - to be closer to 3600 seconds but adjust these values for your - needs and use cases. 
- -- **Index** – select any Splunk index where the data should be - available. We recommend one index per input. You will need to update - the dashboard search macros to use the index name you decide on in - order for data to populate on the dashboards. -- **Organization ID** – Note which Splunk On-Call organization this - data is coming from. This of even more importance if collecting data - from multiple organizations in Splunk On-Call -- **API ID** – This value can be found in Splunk On-Call under - Integrations >> API (admin or alert admin required). -- **API Key** – This value can be found in Splunk On-Call under - INtegrations >> API (admin or alert admin required). - -**Input Details** -~~~~~~~~~~~~~~~~~ - -There are four types of inputs collected: users, oncall, teams (which -includes routing keys) and incidents. Each input can be selected -individually and independently of other inputs. In other words, users -have the option to decide what exactly would be indexed per -organization. Below are the inputs and their respective attributes in a -sample JSON format. - -**Users (type=user)** - -- Info - - - Names (first, last, username) - - Created date - - Date created - - Date password updated - - Verified - -- Contact Methods - Name, verification status (phone only) and value of - all contact methods. 
-- Paging Policy -- Organization - -**On-Call (type=oncall, events are split per team)** - -- Organization -- Team name, slug -- Escalation Policy - - - Oncall user(s) at time of index - -**Teams (type=team)** - -- Info - - - Number of members, verified members - - Team name, slug - -- Members - - - Username, first name, last name - - Verified - -- Organization -- Policies - - - Name, slug - -**Routing Keys (type=routingkey)** - -- Default routing key status (true/false) -- Organization -- Name -- Target escalation policies - - - Escalation policy name, slug - - Team name, slug - -**Incidents (source=victorops_incidents)** - -- Paged Users, Teams -- State changes (ack, resolve) -- All Metadata -- Index timestamp is set to the startTime field -- Alert Count - -**Troubleshooting** -~~~~~~~~~~~~~~~~~~~ - -Things to verify, generally in order, if encountering problems - -1. Check that the API credentials are correct. Note, this is not the - ‘Splunk API key' this is the public API key and id found under - Integrations >> API. -2. Is the environment permitted to access the outside web? Ensure that - from the host you can reach the Splunk On-Call API. Try running ‘ping - api.victorops.com' to confirm the connection. -3. You can investigate further by inspecting the logs in - $SPLUNK_HOME/var/log/splunk/ta_splunk_add_on_for_victorops_victorops\_.log. -4. If polling incidents in an organization with more than 60 incidents - in the past seven days, the incident poll can take some time to run - due to Splunk On-Call API rate limits. If the input has been - configured correctly and incident data is still not appearing, check - the above log path for the incidents log (i.e. tail -f - ta_splunk_add_on_for_victorops_victorops_incidents.log), if the last - log entry is similar to “Waiting 59.985822999999996 seconds”, the - script is waiting on rate limits to finish collecting and indexing - the data. If this issue persists, consider reducing the polling - interval. -5. 
If dashboard items are not appearing, check the dashboard macros by - navigating to Settings>>Advanced Search>>Search macros and ensure the - index name you created for the inputs is being used in the macros. - -[ht_toggle title=“Webhook Set Up” id=“” class=“” style=“” ] - -**Important Notes:** - -- While the webhook configuration is available if needed, we highly - recommend the native add-on instead of the webhook configuration. - -**Webhooks** ------------- - -**Ingesting Data** -~~~~~~~~~~~~~~~~~~ - -Splunk On-Call will send data to Splunk using an `HTTP Endpoint -Collector `__ -(HEC) depending upon your deployment a heavy forwarder may also be -needed. To ensure communication from Splunk On-Call to Splunk, Splunk -On-Call's range of IP addresses should be whitelisted. - -*Tip: When setting up the HEC in Splunk, create a new Source Type for -the type of data that you're sending in. This allows for you to send in -and keep track of multiple different types of OnCall data like chats, -incident action logs, different teams incidents, etc.* - -**Creating the Webhooks** -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Four `outgoing -webhooks `__ -can be created, one for each event type. See below for each -configuration. While the url will be the same for each webhook, keep in -mind that the url will vary with different deployments of Splunk. - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - -
- -Splunk Version - -.. raw:: html - - - -Url - -.. raw:: html - -
- -On-Prem Instance - -.. raw:: html - - - -:samp:`https://:8088/services/collector` - -.. raw:: html - -
- -Self-Service Splunk Cloud Instance - -.. raw:: html - - - -:samp:`https://input-:8088/services/collector` - -.. raw:: html - -
- -All Other Splunk Cloud Instances - -.. raw:: html - - - -:samp:`https://http-inputs-:8088/services/collector` - -.. raw:: html - -
- -*Note: Although rare, some Splunk instances use port 443 instead of 8088 -for event ingestion.* - -The header will be the same for all webhooks and Splunk deployments. Be -sure to replace with the appropriate value for the HEC. - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - - - -.. raw:: html - -
- -Key - -.. raw:: html - - - -Value - -.. raw:: html - -
- -Authorization - -.. raw:: html - - - -Splunk - -.. raw:: html - -
- -The Content Type field should be set to application/json - -The body of each webhook will vary according to the event-type. Be sure -to replace your org slug (organization id found in the url of victorops, -such as :samp:`https://portal.victorops.com/dash//outgoing-webhooks`) in -all instance of . - --------------- - -*Event Type*: Any Incidents - -*Body*: - -{ “sourcetype”: “\_json”, “event”: { “slug”: “”, “link”: -“\https://portal.victorops.com/client//popoutIncident?incidentName=\ :math:`{{STATE.INCIDENT\_NAME}}", "type": "incident", "alertService": "`\ {{ALERT.service}}”, -“hostName”: -“:math:`{{ALERT.host\_name}}", "service": "`\ {{ALERT.service}}”, -“ENTITY_TYPE”: -“:math:`{{INCIDENT.ENTITY\_TYPE}}", "SERVICESTATE": "`\ {{ALERT.SERVICESTATE}}”, -“VO_ALERT_RCV_TIME”: -“:math:`{{ALERT.VO\_ALERT\_RCV\_TIME}}", "alert\_url": "`\ {{ALERT.alert_url}}”, -“entity_display_name”: -“:math:`{{ALERT.entity\_display\_name}}", "entity\_state": "`\ {{ALERT.entity_state}}”, -“message_type”: -“:math:`{{ALERT.message\_type}}", "monitor\_name": "`\ {{ALERT.monitor_name}}”, -“monitoring_tool”: -“:math:`{{ALERT.monitoring\_tool}}", "routing\_key": "`\ {{ALERT.routing_key}}”, -“alert_timestamp”: -“:math:`{{ALERT.timestamp}}", "ACK\_MSG": "`\ {{STATE.ACK_MSG}}”, -“ACK_USER”: -“:math:`{{STATE.ACK\_USER}}", "ACK\_TIMESTAMP": "`\ {{STATE.ACK_TIMESTAMP}}”, -“ALERT_COUNT”: -“:math:`{{STATE.ALERT\_COUNT}}", "CURRENT\_ALERT\_PHASE": "`\ {{STATE.CURRENT_ALERT_PHASE}}”, -“CURRENT_STATE”: -“:math:`{{STATE.CURRENT\_STATE}}", "ENTITY\_ID": "`\ {{STATE.ENTITY_ID}}”, -“IncidentNum”: -“:math:`{{STATE.INCIDENT\_NAME}}", "INCIDENT\_TIMESTAMP": "`\ {{STATE.INCIDENT_TIMESTAMP}}”, -“LAST_TIMESTAMP”: -“:math:`{{STATE.LAST\_TIMESTAMP}}", "MONITOR\_TYPE": "`\ {{STATE.MONITOR_TYPE}}”, -“stateService”: -“:math:`{{STATE.SERVICE}}", "alert\_uuid": "`\ {{ALERT.VO_UUID}}” } } - --------------- - -*Event Type*: Any-Paging - -*Body*: - -{ “sourcetype”: “\_json”, “event”:{ “slug”:“”, -“type”:“paging”, “user”: 
-“:math:`{{PAGE.USER\_ID}}", "started":"`\ {{PAGE.STARTED}}”, “page_id”: -“:math:`{{PAGE.ID}}", "attempt\_num": "`\ {{PAGE.ATTEMPT_NUMBER}}”, -“method_type”: -“:math:`{{PAGE.METHODS.0.TYPE}}", "method\_label": "`\ {{PAGE.METHODS.0.LABEL}}”, -“cancellation”: “${{PAGE.CANCELLATION}}” } } - --------------- - -*Event-type:* Any-On-Call - -*Body*: - -{ “sourcetype”: “\_json”, “event”:{ “slug”:“”, -“type”:“oncall”, -“user”:“:math:`{{ONCALL.USER\_ID}}", "state":"`\ {{ONCALL.STATE}}”, -“team”:“:math:`{{ONCALL.TEAM\_NAME}}", "group":"`\ {{ONCALL.GROUP_ID}}”, -} } - --------------- - -*Event-type:* All-Chats - -*Body*: - -{ “sourcetype”: “\_json”, “event”:{ “slug”:“”, “type”:“chat”, -“user”: “:math:`{{CHAT.USER\_ID}}", "text": "`\ {{CHAT.TEXT}}”, -“is_robot”: “${{CHAT.IS_ROBOT}}” } } - -[/ht_toggle] - -.. |image1| image:: /_images/spoc/Screen-Shot-2020-08-06-at-9.51.25-AM.png
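Review bot: In hunk @@ -49,8 +48,7 @@ (the webhook integration step), the added line "with your actual routing key." drops the routing key link without a replacement, while other hunks in this patch convert dead links to :ref: targets. If a routing keys topic exists in this doc set, link it with :ref: here so the reader can find where the value for "$routing_key" comes from.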
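Review bot: In sensu-integration.rst, hunk @@ -70,8 +70,6 @@, deleting the "# Downloaded from:" comment and its URL removes the only statement in the visible header of where the handler source came from. If the old help URL is dead, replace it with a pointer to the current canonical location of the handler rather than leaving none, so readers who copy the script can check it against its origin. The license line above it is unchanged and still refers to a LICENSE file.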
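Review bot: In sentry-integration-guide-victorops.rst, hunk @@ -35,8 +35,7 @@, the added line keeps the capitalized "Routing Key" although it is no longer a link title, and the webhook hunk earlier in this patch writes "routing key" in lowercase. Pick one form. The sentence is also a comma splice; "Paste in your API key and select the appropriate routing key." reads more cleanly. As with the other routing key change, consider a :ref: to the routing keys topic instead of plain text.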
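Review bot: In the Okta file, hunk @@ -26,9 +26,7 @@, the added line ending in "see :ref:`single-sign-sso`" has no closing period, unlike the sentence it replaces and the bullets around it. The label single-sign-sso is not defined anywhere in the visible diff, so confirm that it resolves at build time; an unresolved :ref: would leave readers who need the SAML path with no working link.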
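Review bot: In the Okta file, hunk @@ -152,10 +150,8 @@, step 8 now says "please open a support ticket" with no link or reference, yet the Important Notes in the same file state that this setup is not self-service and requires contacting the Support team. Add a :ref: or current URL for opening a ticket, since this step is a hard dependency of the procedure. The retained "please" is also inconsistent with the earlier hunk in this file, which drops "please see" in favor of "see".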
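Review bot: In the Okta file, hunk @@ -176,12 +172,12 @@, steps 3 and 4 are renumbered to "1." and "2." directly after the unchanged step "2. Navigate to **Integrations** >> **API**", so the procedure now reads 2, 1, 2. This looks like an editor auto-renumbering; restore "3." and "4." so that the token generation step keeps its place in the sequence. In the same hunk, "found here :ref:`spoc-api`." keeps the word "here" from the old link text; "can be found in :ref:`spoc-api`." would read correctly.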
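Review bot: For the deletion of splunking-victorops-data.rst (@@ -1,525 +0,0 @@), the part of the diff shown here removes the whole page but shows no matching toctree removal, redirect, or replacement topic. Confirm that nothing still references this file, and state in the commit message where the add-on setup, the troubleshooting list, and the HEC webhook instructions now live. If the content is retired rather than moved, note that the deleted page held the only description seen here of which API ID and API Key the inputs require and of the HEC Authorization header.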