Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Push notifications for Splunk
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
default
metadata
README

README

                                            __     __   
                      .-----..--.--..-----.|  |--.|_ `. 
                      |  _  ||  |  ||__ --||     |  \  \
                      |   __||_____||_____||__|__| _/  /
                      |__|                        |__,' 
                      Push notifications for splunk

This application provides integration with third party gateways for push notifications like SMS.

Supported gateways/protocols:
- Twilio/SMS - http://www.twilio.com/sms/

++ Twilio gateway setup
1) Create an account @ https://www.twilio.com/try-twilio
2) Follow the instructions for activating your demo app
3) Edit the twilio stanza found in push/default/gateway.conf with your twilio account settings.
   NOTE: 
   * PLEASE READ the "GET STARTED IN THREE STEPS" "TRY IT" paragraph @ https://www.twilio.com/user/account
   ** When using the demo app, the to_number is limited to the number of the phone you activated your demo account with.
   *** Make sure the from_number matches the "Number" found in your Twilio sandbox
4) Restart splunk for the new settings to apply:
   splunk restart
5) Goto the main search UI and run the following search to test if your settings are correct:
   index=_internal | head 1 | pushsms to_number="XXXXXXXXXX" message="hello world"
   NOTE:
   * Error messages having a twilio.com URL's are really useful for debugging configuration problems.
   ** You can always use Splunk to further debug configuration problems using the saved search "Push Debug"
      available in the main search UI under "Searches & Reports" OR http://YOURHOST:YOURPORT/app/search/flashtimeline?s=Push%20Debug

# Alert Example Configuration:
# $SPLUNK_HOME/etc/local/savedsearches.conf
[HTTP big trouble SMS]
action.email.reportServerEnabled = 0
alert.severity = 2
alert.suppress = 1
alert.suppress.period = 5m
alert.track = 1
counttype = number of events
cron_schedule = * * * * *
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
displayview = flashtimeline
enableSched = 1
quantity = 0
relation = greater than
request.ui_dispatch_view = flashtimeline
search = source="*access.log" status="500"
action.pushsms = 1
action.pushsms.message = Something bad happened in HTTP land
action.pushsms.to_number = 9999999999

Something went wrong with that request. Please try again.