Creating Splunk alerts for BMC Helix Operations Management events by using Jitterbit Harmony

BMC Helix iPaaS, powered by Jitterbit, provides a pre-built integration template to create Splunk alerts for events created in BMC Helix Operations Management. To use the integration template with the values defined out of the box, update the project variables with the details of your systems and deploy the integration template.

The integration template provides the following capabilities: 

Use case | BMC Helix Operations Management to Splunk
Create a new alert | Creates a new alert in Splunk when an event is generated in BMC Helix Operations Management
Update an alert | Updates an alert in Splunk when the corresponding BMC Helix Operations Management event is updated
Disable alerts | Disables alerts in Splunk when the corresponding BMC Helix Operations Management event status is updated to Closed

After you deploy the integration template, Splunk alerts are created or updated when an event in BMC Helix Operations Management is created, updated, or closed. Splunk alerts are sent for any updates made in the corresponding event in BMC Helix Operations Management.

BMC Helix Operations Management to Splunk data flow

The following image gives an overview of the data flow for creating or updating a Splunk alert from a BMC Helix Operations Management event:

The following image gives an overview of the data flow for disabling a Splunk alert when a BMC Helix Operations Management event is closed:

Before you begin

Required versions
  • BMC Helix Operations Management version 20.08 and later
  • Splunk version 8.1 and later
Authentication and permissions
  • Access to a Splunk account
  • Access to create and update events in BMC Helix Operations Management
Jitterbit Harmony subscription
  • A valid BMC Helix iPaaS subscription

Task 1: To generate the secret key and ID for BMC Helix Operations Management

  1. Log in to BMC Helix Portal.
  2. Select Common Services > User Management.
  3. Log in to BMC Helix Operations Management.
  4. On the API users tab, click Add API User.
  5. Enter the following details required for the API user:
    • API username
    • Description
    • Key expiry
  6. Click Confirm.
  7. Copy the Secret Key, API Key, and Tenant ID values.

    Important

    You can copy the access key and secret key only when they are generated. After that, they are stored in an encrypted format and cannot be copied. If you do not copy the values when they are generated, or if you lose them, you must generate new ones.

These values are required to register BMC Helix iPaaS with your BMC Helix Operations Management instance. For more information about generating the tenant ID, access key, and secret key, see Setting up user level API keys.

Task 2: To download and import the integration template project file

  1. Download the Sync BMC Helix Operations Management Events with Splunk Alerts 2022-07-01  project file to your system.
    This file contains the BMC Helix iPaaS Cloud Studio project HOM_Splunk_ project.

    Important

    Your ability to access product pages on the EPD website is determined by the license your company purchased.

  2. As a developer, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
  3. On the projects page, click Import.
  4. Click Browse to navigate to and select the Sync BMC Helix Operations Management Events with Splunk Alerts.json file you downloaded. 
    The Project Name and Organization fields are automatically populated depending on the values defined. 
  5. From the Environment list, select the environment to which you want to import this integration template, and click Import.
    The project opens after the integration template is imported.
  6. To open the project file at a later time, select the environment where the integration templates are available, select the HOM_Splunk_ project project and click View/Edit.

Task 3: To update the project variables for the integration template

  1. Next to the Environment name, click the ellipses ... and select Project Variables.
  2. Update the following project variables:
    • Access points and authentication details for Splunk and BMC Helix iPaaS applications

      Project variable | Value
      Splunk
      splunk_url | Enter the host URL or IP address for Splunk. The host URL or IP address must use the HTTPS protocol.
      splunk_username | Enter the user ID to access Splunk.
      splunk_password | Enter the password of the user to access Splunk.
      splunk_port | Enter the port number for the Splunk URL.
      BMC Helix Operations Management
      hom_server_url | Enter the RestAPI URL of the BMC Helix Operations Management instance.
      hom_tenant_id | Enter the Tenant ID of the API user created to access BMC Helix Operations Management in Task 1.
      hom_access_key | Enter the access key generated for BMC Helix Operations Management in Task 1.
      hom_secret_key | Enter the secret key generated for the access key in Task 1.
      hom_webhook_name | Name of the API Webhook for BMC Helix Operations Management.
      BMC Helix iPaaS
      BHIP_Url | Enter the URL to access BMC Helix iPaaS.
      BHIP_User | Enter the user ID to access BMC Helix iPaaS.
      BHIP_User_Password | Enter the password of the user ID to access BMC Helix iPaaS.

    • Webhook API variables

      Project variable | Value
      BHIP_Hom_Webhook_Action | Enter the actions to create or update a Webhook on BMC Helix Operations Management. Valid values include CREATE and UPDATE.
      BHIP_Project_Name | Enter the name of the imported project that is used to create the Webhook API.
      BHIP_Operation_Name | Enter the name of the operation to trigger when the Webhook API is triggered. This value is added to the BMC Helix iPaaS Jitterbit API. By default, the value is set to Integration API Flow Controller.
      BHIP_Integration_API_Name | Enter the name for the Webhook API that is created in BMC Helix Platform. By default, this value is set to HomToSplunkTemplate.
      BHIP_Integration_API_Method | Enter the RestAPI method that is used by the Webhook API. This value is added to the BMC Helix iPaaS Jitterbit API. Valid values include POST (default), GET, PUT, and DELETE.
      BHIP_Integration_API_Response_Type | Enter the RestAPI response type used by the Webhook API created. This value is added in the BMC Helix iPaaS Jitterbit API. By default, set to VARIABLE.
      BHIP_Integration_API_Security_Profile_Type | Enter a security profile type. You can set the following values for this variable: BASIC, APIKEY, ANONYMOUS. The default value is BASIC. Enter comma-separated values to select multiple profile types (ANONYMOUS,BASIC). A security profile type defines the authentication type to be used by the Webhook API while accessing BMC Helix Operations Management. This value is added in the BMC Helix iPaaS Jitterbit API. Important: For profile types supported by the ITSM application, the security profiles are automatically created by the integration template when you enable the integration. BMC Helix iPaaS does not support OAuth authentication for this application.
      BHIP_Integration_API_Security_Profile_Name_Suffix | Enter the suffix to be added to the name of security profiles created.
      BHIP_Integration_API_Security_Profile_BASIC_Auth_Username | For security profile type BASIC, enter the user name to be used to create the security profile. The Jitterbit API and the Webhook API use this user name for authentication while accessing BMC Helix Operations Management.
      BHIP_Integration_API_Security_Profile_BASIC_Auth_Password | For security profile type BASIC, enter the password for the security profile created. The Jitterbit API and the Webhook API use this password for authentication while accessing BMC Helix Operations Management.
      BHIP_Integration_API_Security_Profile_ApiKey_Name | For security profile type APIKEY, enter the name of the APIKEY to be used for the security profile. The Jitterbit API and the Webhook API use this APIKEY for authentication while accessing BMC Helix Operations Management.
      BHIP_API_TimeOut | Enter a value, in seconds, for an API timeout. The value must be between 30 and 180. By default, the value is set to 90.

    • Field to save the Splunk alert name in BMC Helix Operations Management

      Project variable | Value
      hom_correlation_field | Enter the name of the BMC Helix Operations Management field to store the name of the corresponding alert in Splunk.
    • Email notification configurations

      Project variable | Value
      BHIP_SMTP_Hostname | Enter the SMTP host details for email configuration.
      BHIP_To_Email_Address | Enter the email address to which you want to send the notification emails.
      BHIP_From_Email_Address | Enter the email address from which the notification emails should be sent.
      BHIP_Email_Enabled | To disable email notifications, change the default value to false. By default, the value is set to true. This value defines whether notification emails should be sent.
      BHIP_Email_On_Success | To disable email notifications for successful operations, set the value to false. By default, this value is set to true.
      BHIP_Email_Data_Error | Defines whether emails should be sent if an error occurs in the data migration. By default, this value is set to true. To disable email notifications for errors, set the value to false.
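
A pre-deployment check of the Task 3 project variables, added here as an example; it is not part of the BMC integration template or its documentation. It assumes the variables are held in a Python dict of name to string value (the function name `lint_project_variables` and the sample values are hypothetical) and applies the constraints stated in the tables above: HTTPS for `splunk_url`, the documented security profile types and the credentials each one needs, and the 30 to 180 second timeout range.

```python
REQUIRED = ("splunk_url", "splunk_username", "splunk_password", "splunk_port",
            "hom_server_url", "hom_tenant_id", "hom_access_key", "hom_secret_key")
PROFILE_TYPES = {"BASIC", "APIKEY", "ANONYMOUS"}
PROFILE = "BHIP_Integration_API_Security_Profile_"

def lint_project_variables(v):
    """Return findings for a dict of project variable name -> value (strings)."""
    get = lambda name, default="": str(v.get(name, default)).strip()
    findings = [f"{n}: required value is empty" for n in REQUIRED if not get(n)]
    # The page requires the Splunk host URL to use HTTPS.
    if get("splunk_url") and not get("splunk_url").lower().startswith("https://"):
        findings.append("splunk_url: must use the HTTPS protocol")
    port = get("splunk_port")
    if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("splunk_port: not a valid TCP port")
    # Comma-separated list; the documented default is BASIC.
    types = [t.strip() for t in get(PROFILE + "Type", "BASIC").split(",") if t.strip()]
    for t in types:
        if t not in PROFILE_TYPES:
            findings.append(f"{PROFILE}Type: {t!r} is not a documented value")
    if "ANONYMOUS" in types:
        findings.append(f"{PROFILE}Type: ANONYMOUS puts no authentication on the API")
    if "BASIC" in types:
        for part in ("Username", "Password"):
            if not get(f"{PROFILE}BASIC_Auth_{part}"):
                findings.append(f"{PROFILE}BASIC_Auth_{part}: required for BASIC")
    if "APIKEY" in types and not get(PROFILE + "ApiKey_Name"):
        findings.append(f"{PROFILE}ApiKey_Name: required for APIKEY")
    # Documented range is 30 to 180 seconds, default 90.
    timeout = get("BHIP_API_TimeOut", "90")
    if not (timeout.isdecimal() and 30 <= int(timeout) <= 180):
        findings.append("BHIP_API_TimeOut: must be between 30 and 180 seconds")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "splunk_url": "http://splunk.example.com", "splunk_port": "8089",
    "splunk_username": "svc_helix", "splunk_password": "PLACEHOLDER",
    "hom_server_url": "https://hom.example.com", "hom_tenant_id": "0000000000",
    "hom_access_key": "PLACEHOLDER", "hom_secret_key": "PLACEHOLDER",
    PROFILE + "Type": "ANONYMOUS,BASIC",
    PROFILE + "BASIC_Auth_Username": "hook_user",
    "BHIP_API_TimeOut": "20",
}

if __name__ == "__main__":
    for finding in lint_project_variables(SAMPLE):
        print(finding)
```
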

Task 4: To deploy and enable the project

Deployment is a one-time activity that initializes the integration configurations. The UI displays a message for the deployment status.

To deploy the project and then enable the integration:

  1. To deploy the project, next to the project name, click the ellipsis ..., and select Deploy Project.
  2. To enable the integration, next to the Enable Integrations workflow, click the ellipsis ..., and select Deploy.

The following image shows the steps to deploy the project and enable it by deploying the workflow:

After you enable the integration, when a new event with details matching the event criteria defined is created in BMC Helix Operations Management, a corresponding Splunk alert is generated. The alert is updated when the corresponding event is updated in BMC Helix Operations Management.

(Optional) Task 5: To set the time for API debug mode

By default, the debug mode is set to 2 hours after you run the integration. Debug logs are updated for the time set for the debug mode. To keep the debug mode enabled for a longer period of time, perform the following steps:

  1. In BMC Helix iPaaS, powered by Jitterbit, select API Manager > My APIs.

  2. Open the API created for the integration. The API name is the value defined in the BHIP_Integration_API_Name project variable.

  3. Select Enable Debug Mode Until: and set it for the required date and time.

  4. Save and publish the API.

(Optional) Task 6: To update the default event criteria for triggering a Splunk alert

Splunk alerts are generated for events that match the event policies defined in BMC Helix Operations Management. By default, the event policy is defined to perform actions for events with severity set to Critical, so alerts are generated for any new event with Severity set to Critical. To change the criteria for generating a Splunk alert for an event, update the event policy and update the Event Selection Criteria.

For more information about updating event policies, see Defining event policies for enrichment, correlation, notification, and suppression.

Workflows included in the integration template

The integration template includes workflows for the basic configuration and each integration use case. The following tables describe the operations defined in each workflow. 

Enable Integration

This workflow defines the operations required to enable the integration after all the required project configurations are completed. The following operations are included in this workflow:

Operation name | Actions performed
Enable Integration | Initializes the integration
BHIP Login | Logs in to BMC Helix iPaaS by using the credentials provided in the project variables
Check Custom API and Security Profiles exist | Verifies if any custom APIs or security profiles exist for the BMC Helix Operations Management integration
Publish Custom API | Publishes the BMC Helix iPaaS Jitterbit API
Create Security Profiles and Custom API | Creates the security profiles and RestAPIs in BMC Helix iPaaS
Delete API and Security Profile if needed | Deletes existing APIs or security profiles, if required

Sync HOM to Splunk

This workflow creates or updates a Splunk alert when an event is created or the corresponding event is updated in BMC Helix Operations Management. The following operations are included in this workflow:

Operation name | Actions performed
Integration API Flow Controller | Enables all the API entry points by using the details provided in the project variables
Parse the Source Payload | Gets details of the BMC Helix Operations Management event to create an alert in Splunk
Create alert in Splunk | Creates an alert in Splunk corresponding to a new event created in BMC Helix Operations Management
Update alert in Splunk | Updates the Splunk alert when the corresponding event is updated in BMC Helix Operations Management
Disable alert for closed Event | Disables the Splunk alert when the status of the corresponding event is changed to Closed
Update HOM with alertName | Adds the Splunk alert name to the BMC Helix Operations Management field defined in the hom_correlation_field project variable for the corresponding event
HOM API Response | Sends the API response to BMC Helix Operations Management
Failure notification | Sends an email notification if alert creation or update fails

HOM Webhook

This workflow is called through the Enable Integration workflow and registers the Webhook on BMC Helix Operations Management.

Operation name | Actions performed
HOM Webhook Operations | Initiates the Webhook operations based on the operations performed
HOM Get Webhooks | Gets the BMC Helix Operations Management Webhook
HOM Delete Webhook | If a Webhook with the same name is provided in the hom_webhook_name project variable, deletes that Webhook
HOM Register Webhook | Generates the Webhook in BMC Helix Operations Management
HOM Get Refresh Token | Generates a token for the access key, secret key, and tenant ID and passes it to the HOM Get JWT operation
HOM Get JWT Token | Generates a JSON Web Token (JWT) based on the refreshed token received from HOM Get Refresh Token
HOM Get API Key | Gets the BMC Helix Operations Management API Key required to execute the Webhook