Splunk On-Call (VictorOps)

Splunk On-Call (VictorOps) + Pulse Integration Benefits

  • Automatically trigger incidents in Splunk On-Call when Pulse detects critical events.
  • Notify users or escalation policies based on flexible targeting options.
  • Improve incident response time by integrating alerts into your on-call workflow.

How It Works

Pulse sends incident data to Splunk On-Call using the VictorOps REST API. Alerts are sent as incidents via a POST request to the /api-public/v1/incidents endpoint.

Each request is authenticated using your API ID and API Key, and includes:

  • summary – The alert subject
  • details – Full alert payload with metadata
  • userName – The VictorOps user responsible for the alert
  • targets – Users or escalation policies to notify

Pulse maps alerts directly into incident objects in Splunk On-Call with multi-responder support.
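
The request described above, sketched in Python as an added example (not Pulse's own code). The api.victorops.com host, the X-VO-Api-Id / X-VO-Api-Key header names and the isMultiResponder field come from the VictorOps public API rather than this page; the VO_* environment variable names are hypothetical.

```python
import json
import os
import urllib.request

# Host and header names follow the VictorOps public API; this page does not state them.
API_URL = "https://api.victorops.com/api-public/v1/incidents"
TARGET_TYPES = {"User", "EscalationPolicy"}


def build_incident_request(api_id, api_key, user_name, summary, details,
                           targets, multi_responder=False):
    """Return an unsent POST request; targets is a list of (type, slug) pairs."""
    if not api_id or not api_key:
        raise ValueError("API ID and API Key are both required")
    if not targets:
        raise ValueError("at least one target is required")
    for kind, slug in targets:
        if kind not in TARGET_TYPES:
            raise ValueError(f"unknown target type: {kind!r}")
        if not slug or slug != slug.strip():
            raise ValueError("target slug must be non-empty, without padding")
    body = {
        "summary": summary,
        "details": details,
        "userName": user_name,
        "targets": [{"type": kind, "slug": slug} for kind, slug in targets],
        "isMultiResponder": multi_responder,  # field from the public API
    }
    headers = {
        "Content-Type": "application/json",
        "X-VO-Api-Id": api_id,
        "X-VO-Api-Key": api_key,
    }
    return urllib.request.Request(
        API_URL, data=json.dumps(body).encode("utf-8"),
        headers=headers, method="POST",
    )


def send_test_incident(summary, details, targets, timeout=10):
    """Send one incident; credentials come from the environment, not source."""
    req = build_incident_request(
        os.environ["VO_API_ID"], os.environ["VO_API_KEY"],
        os.environ["VO_USERNAME"], summary, details, targets,
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read())
```

Calling send_test_incident creates a real incident and notifies the target, so use it once to confirm the credentials and target slug before entering them in Pulse.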

Requirements

  • Access to the monitored cluster in Pulse.
  • Splunk On-Call (VictorOps) account.
  • The following credentials from your Splunk On-Call environment:
    • API ID
    • API Key
    • Username
    • At least one target (User or EscalationPolicy) to notify

Set Up Splunk On-Call (VictorOps)

  1. Log in to your Splunk On-Call (VictorOps) admin panel.
  2. Go to Settings → Integrations → REST Endpoint.
  3. Copy your API Key and API ID.
  4. Make sure you have a valid Username (the user responsible for creating incidents).
  5. Identify the Targets:
    • For a user: use their username
    • For an escalation policy: use the slug of the policy

For additional setup details, refer to the VictorOps Public API Docs.

Create a Splunk On-Call Alert Destination

  1. Log in to Pulse and navigate to the monitored cluster.
  2. Go to Preferences > Alerts Destinations.
  3. If no Splunk On-Call destination exists, click + Splunk On-Call.
  4. Ensure you have your API ID, API Key, Username, and Target (User or EscalationPolicy) as described in Set Up Splunk On-Call (VictorOps).
  5. Provide the required credentials and configure the targets to notify.
  6. Set the desired alert severity (recommended: critical only).
  7. Click Save Changes.

Disable the Splunk On-Call Alert Channel

  1. Log in to Pulse and navigate to the monitored cluster.
  2. Go to Preferences > Alerts Destinations.
  3. Disable the Splunk On-Call Alerting Destination by switching off the "enabled" toggle.
  4. Click Save Changes.

Uninstall the Splunk On-Call Alert Channel

  1. Log in to Pulse and navigate to the monitored cluster.
  2. Go to Preferences > Alerts Destinations.
  3. Remove the Splunk On-Call Alerting Destination by clicking the Remove icon.
  4. Click Save Changes.


For support please contact hello@pulse.support.