Managing sprawling enterprise content applications, along with the data that resides within these applications, has become a growing source of frustration for IT and operations teams. When an issue arises, staff can often spend a good portion of their day tracking down the root cause of a performance or user behavior issue. The fact that these applications now reside both on-premises and in the Cloud — or a combination of the two — has only complicated these efforts.
As more enterprises move away from proprietary log management systems and adopt Splunk as their events correlation engine, numerous Reveille customers have requested that we build a direct Splunk integration to better manage, prioritize and respond to events that might adversely impact application performance — without having to create and manage a separate workflow.
Introducing a new out-of-the-box integration with Splunk
Today, we are very excited to introduce a new out-of-the-box integration with Splunk which was designed to help our customers streamline and automate notifications for any enterprise content applications that Reveille is actively observing and monitoring.
With this new integration, Reveille customers are now able to:
- Accelerate Incident Response: When Reveille detects an event, it will automatically be threaded into the customer’s existing workflow for event management and incident response, improving operational efficiencies and accelerating remediation efforts. Reveille can also be configured to automatically push notifications to popular internal collaboration systems such as Slack and Microsoft Teams.
- Improve ECM Gap Visibility: This integration also provides a consolidated, real-time view of both application performance and content access security gaps, enabling overburdened IT operations and security teams to deploy their resources more strategically.
- Reduce Complexity Through Automation: By leveraging bi-directional communication between Reveille and Splunk, incident and performance data is continuously and automatically synchronized between systems. This minimizes the manual logging of incidents by email and further extends the value of your automation initiatives.
- Improve Service Delivery: By closing the information feedback loop, customers can also more efficiently manage their Service Level Agreements (SLAs) to predetermined application performance benchmarks.
Example of How Reveille Integrates with Splunk
Reveille can send event information to Splunk Enterprise or Splunk Cloud using the Splunk HTTP Event Collector (HEC). To enable this, follow the steps below.
Summary of Enablement:
- Create a Splunk token and define the Splunk HTTP Event Collector. The Source Type should be _json.
- Create a new Splunk Employee entry in the Reveille User Console with appropriate parameters.
- Assign the Employee to a Reveille On-Call Group or a specific monitor test by using the Reveille User Console.
- Verify that the event is processed by the Splunk HTTP Event Collector.
Example Splunk Employee Entry:
- Employee Name – descriptive name
- Employee ID – table index value, must be unique
- Notification Method – select Splunk HEC (HTTP Event Collector)
- Notify When Available – select to have the available or ‘up’ message sent by Reveille when the alert is cleared
- URL – Splunk Server Address and Port
- Splunk Authorization Token – Splunk authentication token required to access Splunk Representational State Transfer (REST) endpoint resources and operations
- Splunk Source, Index – Splunk Source (default value is Reveille) and Splunk Index (default value is default)
- Indexing Ack (Yes or No) – Splunk Indexing Acknowledgement option to confirm event processing by Splunk, default value is No
- Optional Log File – Full file path for optional Splunk notification logging file
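For the verification step, it helps to know what a HEC client puts on the wire and how Splunk answers, including the Indexing Ack round trip. The following is an added example, not Reveille's code: the endpoint paths, headers and reply shapes are Splunk HEC's, while the host name, port 8088 (Splunk's default HEC port), token, event fields and sample replies are constructed, and Reveille's actual event payload is not shown on this page.

```python
import json
import urllib.request

def hec_event_request(base_url, token, event, source="Reveille",
                      index="default", channel=None):
    """Return (url, headers, body) for one HEC event POST.

    source/index defaults mirror the entry defaults listed above; channel is a
    GUID that HEC requires (X-Splunk-Request-Channel) when Indexing Ack is on.
    """
    headers = {"Authorization": "Splunk " + token,
               "Content-Type": "application/json"}
    if channel:
        headers["X-Splunk-Request-Channel"] = channel
    body = json.dumps({"event": event, "sourcetype": "_json",
                       "source": source, "index": index}).encode()
    return base_url.rstrip("/") + "/services/collector/event", headers, body

def hec_ack_request(base_url, token, channel, ack_id):
    """Return (url, headers, body) asking whether ack_id has been indexed."""
    headers = {"Authorization": "Splunk " + token,
               "Content-Type": "application/json",
               "X-Splunk-Request-Channel": channel}
    body = json.dumps({"acks": [ack_id]}).encode()
    return base_url.rstrip("/") + "/services/collector/ack", headers, body

def parse_event_reply(text):
    """Return (accepted, ack_id). HEC code 0 means success; ackId may be 0."""
    reply = json.loads(text)
    return reply.get("code") == 0, reply.get("ackId")

def is_indexed(text, ack_id):
    """True only if the ack reply marks this ack_id as indexed."""
    return json.loads(text).get("acks", {}).get(str(ack_id)) is True

def send(url, headers, body, timeout=10):
    """POST to Splunk over HTTPS with default certificate verification."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

if __name__ == "__main__":
    # Constructed sample replies, so the checks run without a Splunk server.
    ok, ack_id = parse_event_reply('{"text":"Success","code":0,"ackId":0}')
    print("accepted:", ok, "ackId:", ack_id)
    print("indexed:", is_indexed('{"acks":{"0":true}}', ack_id))
    print("bad token accepted:",
          parse_event_reply('{"text":"Invalid token","code":4}')[0])
```

Treat the authorization token as a credential: anyone holding it can write events into the target index, so keep it out of scripts, tickets and shared log files.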