I have an enterprise app that of course does a lot of things. When some of these things fail, we want to either call a webservice, or possibly send an email, that generates a ticket within the IT ticketing system. (The webservice is definitely available; we're verifying whether or not email input is enabled for us.)
Are OOTB Splunk searches & alerts flexible enough to handle sending a customized email on their own, or do I need to look at a Splunk app, or possibly even polling the Splunk REST API?
The idea would be:
1. Splunk parses a log event of some type or within a specified ID range.
2. Splunk, a Splunk app, or an external app sends an email to the ticketing system that includes the body of the event, and possibly other details.
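As an added example (not from the original post and not Splunk's own documentation), here is what the out-of-the-box route looks like as a `savedsearches.conf` stanza: a scheduled search that matches the failure events by type or ID range, an email action whose subject and body are filled from the triggering event with `$result.<field>$` tokens, and the built-in webhook action alongside it. The index, sourcetype, field names, addresses and URL are assumptions for illustration.

```ini
# Added example: an out-of-the-box Splunk alert that emails one ticket request
# per failure event. Index, sourcetype, field names and addresses are assumed.
# File: $SPLUNK_HOME/etc/apps/<your_app>/local/savedsearches.conf

[Enterprise App - Failure to Ticket]
# Match the failure events: a fixed event type, or an event ID range.
search = index=enterprise_app sourcetype=app:log \
    (event_type=fatal OR (event_id>=5000 event_id<=5999)) \
    | table _time host source event_id event_type _raw
# Run every 5 minutes over the previous 5 minutes so each event is seen once.
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = now
# Fire when the search returns at least one result.
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
# 0 = trigger once per matching result, so each failure becomes its own ticket
# (the default, 1, sends a single digest for the whole batch).
alert.digest_mode = 0
alert.track = 1
# Throttle repeats of the same failure on the same host for an hour so a
# crash loop does not open a ticket every 5 minutes.
alert.suppress = 1
alert.suppress.fields = host,event_id
alert.suppress.period = 1h

# Email action: $result.<field>$ tokens come from the triggering result,
# $name$ is this stanza name and $job.sid$ the search job ID.
action.email = 1
action.email.to = helpdesk@example.com
action.email.subject = [APP] Failure $result.event_id$ on $result.host$
action.email.message.alert = Type=$result.event_type$ | Host=$result.host$ | Time=$result._time$ | Log=$result._raw$ | Alert=$name$ sid=$job.sid$
action.email.content_type = plain
action.email.sendresults = 0
action.email.include.results_link = 1

# Built-in webhook action, if the ticketing web service accepts Splunk's
# fixed JSON payload (search_name, sid, result, results_link, owner, app).
# action.webhook = 1
# action.webhook.param.url = https://ticketing.example.com/api/splunk-hook
```

Email-to-ticket gateways usually key on the subject line, so the event ID and host go there and the raw event goes in the body. The webhook action sends a fixed JSON document rather than a body you compose, so if the ticketing web service expects its own request format, that is the point where a custom alert action (a Splunk app that ships an alert script) or an external poller of the REST API becomes necessary; the email path above needs neither.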