Channel: OpsGenie Blog

Splunking When You Are Mobile

<p><a href="http://www.splunk.com/">Splunk</a> is fast establishing itself as one of the must-have tools for IT operations. Organizations use Splunk to consolidate machine data into a single searchable repository. Splunk provides an easy-to-use interface that allows users to analyze and correlate the collected data. And with the latest release, Splunk now has <a href="http://docs.splunk.com/Documentation/Splunk/latest/Admin/howdoesalertingworkinSplunk">alerting capabilities</a>, where alerts can be generated for saved searches in real time.</p><p><a href="http://www.opsgenie.com/">OpsGenie</a> leverages Splunk alerting and extends Splunk&#8217;s capabilities to mobile devices, making operational insights derived from Splunk available to users even when they are mobile. When Splunk detects an incident that requires attention, OpsGenie notifies the users through <a href="http://www.opsgenie.com/public/features/multiple.channels.html">multiple notification channels</a> and enables users to view the alert directly from their mobile devices. Here is how it works:</p><ol><li>A Python script is executed by Splunk as an alert action and forwards the alert to OpsGenie.</li><li>OpsGenie notifies the recipients through multiple channels (iPhone/Android push notifications, SMS, phone calls, etc.) 
according to users&#8217; preferences.</li><li>The Python script also retrieves the search results data for the alert, generates a mobile-friendly HTML file, and attaches the file to the alert in OpsGenie.</li><li>Recipients view the alert, as well as the search results, using OpsGenie mobile apps (iPhone app, web app, etc.).</li><li>Recipients execute appropriate actions directly from the mobile apps to communicate with others, execute searches, initiate remedial processes, etc.</li><li>OpsGenie makes a callback request to a specified URL and passes the user-executed action information to the customers&#8217; systems.</li><li>All the activity around the alert (when the alert was created, when the recipients were notified, when they viewed the alert, executed actions, etc.) is tracked and reported by OpsGenie.</li></ol><p>First, let&#8217;s answer some frequently asked questions:</p><p><strong>I can already send alerts from Splunk via email. What does OpsGenie add?</strong></p><p>For critical alerts, &#8220;fire and forget&#8221; email alerts are not suitable. Recipients may not see email messages in a timely manner for a variety of reasons, and Splunk has no way to know whether an email has been seen by a recipient. OpsGenie uses <a href="http://www.opsgenie.com/public/features/multiple.channels.html">multiple notification channels</a> (email, SMS, mobile push notifications, phone calls, etc.) to notify the users to ensure delivery. Users can configure OpsGenie to try different methods until they see the alert. For example, a user can configure OpsGenie to send an iPhone push notification first, and make a voice call if the user does not view the alert within 5 minutes.</p><p><strong>I can already send alerts to users via SMS using xyz. What does OpsGenie add?</strong></p><p>OpsGenie alerts are not limited to short text messages. 
OpsGenie allows alerts to have <a href="http://www.opsgenie.com/public/features/rich.notifications.html">multiple optional fields &amp; tags as well as attached files</a>. For example, for Splunk alerts, search results for saved search alerts are attached to the alert as an HTML file, enabling recipients to see what triggered the alert directly from their mobile devices. When OpsGenie sends notifications via SMS, the text message includes a link to the OpsGenie web app to enable users to view all alert details. In addition, OpsGenie uses multiple notification methods to ensure recipients receive the notifications and to overcome delays in SMS or email delivery.</p><p><strong>Splunk has a new HTML5 UI that I can use from mobile devices. Why do I need OpsGenie?</strong></p><p>Although the Splunk UI now works from mobile devices that have HTML5 support, there is no way to notify the users when a Splunk alert is triggered. OpsGenie uses push notifications, SMS, etc. to notify users when there is an alert. Once notified, users can use the Splunk web UI to further analyze the problem. It is also worth noting that the Splunk web UI works great on tablets like the iPad, but is not optimized for smaller mobile devices.</p><p>In addition, in many enterprise environments, Splunk servers are not accessible from outside the corporate network, hence recipients cannot access Splunk from mobile devices when they are not connected to the corporate network. OpsGenie enables recipients to see not only the alerts but also the search results without requiring access to the corporate network, opening firewall ports, etc.</p><p>In the <a href="http://www.opsgenie.com/blog/2012/07/19/splunk-alerts-on-your-iphone-with-opsgenie.html">next blog post</a>, we&#8217;ll go over how to configure Splunk and OpsGenie to notify users via iPhone push notifications for Splunk alerts!</p>
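
Step 3 of the flow above has the alert script turn search results into an HTML attachment; because indexed log fields can carry markup written by whoever generated the log line, that rendering step should escape every value before it reaches a phone's browser. The following is an added example, not OpsGenie's or Splunk's own script: it assumes the results arrive as gzip-compressed CSV bytes, and the function name, the row and cell limits, and the `__mv_` column filter are assumptions.

```python
import csv
import gzip
import html
import io

MAX_ROWS = 50     # assumed cap to keep the attachment small on mobile
MAX_CELL = 200    # assumed per-cell character limit


def render_results_html(gz_bytes, title, max_rows=MAX_ROWS):
    """Render gzip-compressed CSV search results as a small HTML table.

    Every header and cell is HTML-escaped: indexed log data can contain
    markup supplied by whoever generated the log line.
    """
    text = gzip.decompress(gz_bytes).decode("utf-8", errors="replace")
    reader = csv.reader(io.StringIO(text))
    header = next(reader, [])
    # Assumption: columns prefixed "__mv_" are multivalue bookkeeping, not data.
    keep = [i for i, name in enumerate(header) if not name.startswith("__mv_")]

    def cell(tag, value):
        value = value if len(value) <= MAX_CELL else value[:MAX_CELL] + "..."
        return "<%s>%s</%s>" % (tag, html.escape(value, quote=True), tag)

    rows = ["<tr>" + "".join(cell("th", header[i]) for i in keep) + "</tr>"]
    truncated = False
    for n, row in enumerate(reader):
        if n >= max_rows:
            truncated = True
            break
        row = row + [""] * (len(header) - len(row))   # pad short rows
        rows.append("<tr>" + "".join(cell("td", row[i]) for i in keep) + "</tr>")

    note = "<p>Showing first %d rows.</p>" % max_rows if truncated else ""
    return (
        '<!DOCTYPE html><html><head><meta charset="utf-8">'
        '<meta name="viewport" content="width=device-width, initial-scale=1">'
        "<title>%s</title></head><body><h1>%s</h1>%s<table>%s</table></body></html>"
        % (html.escape(title), html.escape(title), note, "".join(rows))
    )


# Constructed sample: one row carries markup in a logged User-Agent field.
SAMPLE = gzip.compress(
    b'_time,host,useragent,__mv_host\n'
    b'2012-07-17T10:00:00,web01,"<script>alert(1)</script>",\n'
    b'2012-07-17T10:00:05,web02,curl/7.21,\n'
)

if __name__ == "__main__":
    print(render_results_html(SAMPLE, "Constructed alert: HTTP 500 spike"))
```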
