Splunk SMS alerts- integration manual
Here we describe how to setup Splunk with SMSEagle for SMS alerts with Splunk Modular Alert.
Splunk uses HTTP API requests (see details: API).
All you have to do at SMSEagle is to create a new user for in the webGUI. In the user settings enable API Access token.
• Visit plugin site at Splunkbase. Download tar archive. Go to Splunk -> Manage Apps -> Choose File to Upload and Done.
• Restart Splunk
Splunk_SA_CIM is required by this app.
All configuration related to SMS Gateway settings messages is done from the Apps -> SMSEagle -> Configuration.
Enter SMSEagle API token and SMSEagle URL into corresponding fields.
URL should be in form: IP.ADDRESS.OF.SMSEAGLE (for example: 192.168.0.150)
Perform a search in Splunk and then navigate to : Save As -> Alert -> Trigger Actions -> Add Actions -> SMSEagle SMS Alerts.
On this dialogue you can enter:
• “Message” – contains SMS text. You may use Splunk custom alert action tokens in this field. The action tokens will be replaced with values from alert. More information can be found in Splunk docs under topic “Advanced options for working with custom alert actions”.
• “Phone Number” or “Phonebook Group name”. “Phone Number” should be in format: country code + number, for example: +1XXXXXXXXXXXXX (Without any _ or any other symbol). “Phone Number” can also be a comma delimited list of numbers. “Phonebook Group name” is a name of a group created in SMSEagle Phonebook.
• “High Priority” – if set to yes, message will have a high priority in SMS sending queue
• “Unicode” – if the Message contains national characters, set “Unicode” to yes
• “Flash” – “No” for normal SMS, “Yes” for flash SMS
• “Date” – (optional) enter date in YYYYmmDDHHMM to schedule it to a particular GMT date time.
Browse to See triggered Alerts: Settings -> Alert Actions -> SMSEagle SMS Alerts -> View Log Events
Or you can search logs of alerts directly in Splunk : index=_internal sourcetype=”ta:smseagle:sms:alerting:log” action_name=sms_eagle