Splunk SMS alerts - integration manual

Here we describe how to set up Splunk with SMSEagle to send SMS alerts using a Splunk Modular Alert.

SMSEagle Setup

Splunk communicates with SMSEagle using HTTP API requests (see details: API).
All you have to do on the SMSEagle side is create a new user for API access in the web GUI.

Splunk Setup

• Visit the plugin site at Splunkbase. Download the tar archive. Go to Splunk -> Manage Apps -> Choose File to Upload and Done.
Restart Splunk.

Splunk Configuration

All configuration related to SMS gateway settings is done from Apps -> SMSEagle -> Configuration.
Enter the previously created API user’s username and password into the corresponding fields.
The URL should be in the form: IP.ADDRESS.OF.SMSEAGLE (for example: 192.168.0.150)

Using plugin

Perform a search in Splunk and then navigate to: Save As -> Alert -> Trigger Actions -> Add Actions -> SMSEagle SMS Alerts
In this dialog you can enter your “Message” and “Phone Number” in the format country code + number, for example: +1XXXXXXXXXXXXX (without any _ or any other symbol).
You can also select whether the message is high priority, whether it is a flash message, and whether to encode it using Unicode.
“Phone Number” can also be a comma-delimited list of numbers.
You can also enter a date in YYYYmmDDHHMM format to schedule the message for a particular GMT date and time.

Refer to the SMSEagle REST API documentation for in-depth details.
Splunk_SA_CIM is required by this app.
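
An added example (not code from the SMSEagle app or from this manual): Python helpers that check a “Phone Number” field and build the GMT schedule value in the formats described above, so a malformed entry is caught before the alert is saved. The function names, the sample numbers and the 15-digit cap (taken from E.164) are assumptions.

```python
import re
from datetime import datetime, timezone, timedelta

# Assumption: "+" then digits only, at most 15 digits (E.164 limit).
PHONE_RE = re.compile(r"\+[1-9][0-9]{1,14}")
STAMP_RE = re.compile(r"[0-9]{12}")  # YYYYmmDDHHMM


def parse_recipients(field):
    """Split a comma-delimited "Phone Number" field and validate every entry.

    Whitespace around commas is tolerated; any other symbol is rejected.
    Returns the numbers in order with duplicates removed.
    """
    numbers = [part.strip() for part in field.split(",")]
    bad = [n for n in numbers if not PHONE_RE.fullmatch(n)]
    if bad:
        raise ValueError("invalid phone number(s): " + ", ".join(map(repr, bad)))
    return list(dict.fromkeys(numbers))


def schedule_stamp(when):
    """Format a timezone-aware datetime as YYYYmmDDHHMM in GMT."""
    if when.tzinfo is None or when.utcoffset() is None:
        # A naive local time would silently be sent at the wrong hour.
        raise ValueError("datetime must be timezone-aware")
    return when.astimezone(timezone.utc).strftime("%Y%m%d%H%M")


def parse_schedule(stamp):
    """Check a YYYYmmDDHHMM value and return it as an aware GMT datetime."""
    if not STAMP_RE.fullmatch(stamp):
        raise ValueError("schedule must be exactly 12 digits: YYYYmmDDHHMM")
    # strptime rejects impossible dates such as month 13 or 30 February.
    return datetime.strptime(stamp, "%Y%m%d%H%M").replace(tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed sample values, not real subscribers.
    print(parse_recipients("+15555550100, +48555550101"))
    local = datetime(2024, 3, 1, 1, 30, tzinfo=timezone(timedelta(hours=2)))
    print(schedule_stamp(local))  # local 01:30 at UTC+2, printed in GMT
```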

Logging

To see triggered alerts, browse to: Settings -> Alert Actions -> SMSEagle SMS Alerts -> View Log Events
Or you can search the alert logs directly in Splunk: index=_internal sourcetype="ta:smseagle:sms:alerting:log" action_name=sms_eagle