HaloPSA Guides
Documentation to assist with the setup and configuration of the HaloPSA platform
Splunk Integration
Splunk Configuration
This section details the configuration needed to be carried in Splunk to make the integration function correctly.
Alerts
The first step to integrating Halo with Splunk is to create at least one alert within the search and reporting app. To do this, complete a search in Splunk, and then click the Save As > Alert option in the top right corner of the screen.
You will then be able to configure your alert as you require.
Webhooks
Once you have an alert created in Splunk that you would like to auto generate tickets from, edit the alert and under "Trigger Actions", select Add Actions > Webhook. You need to add your Halo API URL to the URL option, followed by /notify. If you’re unsure of what this URL should be, it can be found in the Splunk integration configuration screen within Halo, shown a little further on in this guide.
Halo Configuration
This section details the work that needs to be carried out in Halo in order to make the Splunk integration work.
General Configuration
To enable the Splunk integration in Halo, go to Configuration > Integrations, and enable the module. Once the module has been enabled, click the menu icon for the module to begin configuring it.
Initially, you will see some text detailing the URL that needs to be used when configuring your Webhooks in Splunk.
After this, there are two options. The first of these is for you to choose the ticket type that you would like new tickets to be created with when Halo receives alerts from Splunk. The second option is for you to choose the end user that new tickets created from Splunk alerts gets assigned too.
Viewing Results
Once the integration has been configured, and a new ticket has been created from a Splunk alert, it is possible to load the results of the Splunk Search that raised the alert from the ticket. If you open any ticket created from a Splunk alert, under "Ticket Details" you will see an option for Splunk search results:
Clicking the “view results” hyperlink will open up Splunk in a new tab directly on the results page of the corresponding search that raised the alert.
Popular Guides
- Asset Import - CSV/XLS/Spreadsheet Method
- Call Management in Halo
- Creating a New Application for API Connections
- Creating Agents and Editing Agent Details
- Departments, Teams and Roles
- Halo Integrator
- Importing Data
- Multiple New Portals with different branding for one customer [Hosted]
- NHServer Deprecation User Guide
- Organisation Basics
- Organising Teams of Agents
- Step-by-Step Configuration Walk Through
- Suppliers