Creating Splunk alerts for BMC Helix Operations Management events by using Jitterbit Harmony
BMC Helix iPaaS, powered by Jitterbit provides a pre-built integration template to create Splunk alerts for events created in BMC Helix Operations Management. To use the integration template with the values defined out of the box, you update the project variables with details of your systems and deploy the integration template.
The integration template provides the following capabilities:
|BMC Helix Operations Management to Splunk
|Create a new alert
|Creates a new alert in Splunk when an event is generated in BMC Helix Operations Management
|Update an alert
Updates an alert in Splunk when the corresponding BMC Helix Operations Management event is updated
Disables alerts in Splunk when the corresponding BMC Helix Operations Management event status is updated to Closed
After you deploy the integration template, Splunk alerts are created or updated when an event in BMC Helix Operations Management is created, updated, or closed. Splunk alerts are sent for any updates made in the corresponding event in BMC Helix Operations Management.
BMC Helix Operations Management to Splunk data flow
The following image gives an overview of the data flow for creating or updating a Splunk alert from a BMC Helix Operations Management event:
The following image gives an overview of the data flow for disabling a Splunk alert when a BMC Helix Operations Management event is closed:
Before you begin
|Authentication and permissions
|Jitterbit Harmony subscription
A valid subscription
Task 1: To generate the secret key and ID for BMC Helix Operations Management
- Log in to BMC Helix Portal.
- Select Common Services > User Management.
- Log in to BMC Helix Operations Management.
- On the API users tab, click Add API User.
- Enter the following details required for the API user:
- API username
- Key expiry
- Click Confirm.
Copy the Secret Key, API Key, and Tenant ID values.
You can copy the access key, and secret key only when they are generated. After that they are stored in an encrypted format and cannot be copied. If you do not copy the values when they are generated or if you lose them, you must generate a new one.
These values are required to r egister BMC Helix iPaaS with your BMC Helix Operations Management instance. For more information about generating the tenant ID, access key, and secret key, see .
Task 2: To download and import the integration template project file
Download the project file to your system.
This file contains the BMC Helix iPaaS Cloud Studio project HOM_Splunk_ project.
Your ability to access product pages on the EPD website is determined by the license your company purchased.
- As a developer, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
- On the projects page, click Import.
- Click Browse to navigate to and select the Sync BMC Helix Operations Management Events with Splunk Alerts.json file you downloaded.
The Project Name and Organization fields are automatically populated depending on the values defined.
- From the Environment list, select the environment to which you want to import this integration template, and click Import.
The project opens after the integration template is imported.
- To open the project file at a later time, select the environment where the integration templates are available, select the HOM_Splunk_ project project and click View/Edit.
Task 3: To update the project variables for the integration template
- Next to the Environment name, click the ellipses ... and select Project Variables.
- Update the following project variables:
Access points and authentication details for Splunk and BMC Helix iPaaS applications
Project variable Value Splunk splunk_url Enter the Host URL or IP address for Splunk The host URL or IP address must use the HTTPS protocol. splunk_username Enter the user ID to access Splunk. splunk_password Enter the Password of the user to access Splunk. splunk_port Enter the Port number for the Splunk URL. BMC Helix Operations Management hom_server_url Enter the RestAPI URL of the BMC Helix Operations Management instance. hom_tenant_id Enter the Tenant ID of the API user created to access BMC Helix Operations Management in Task 1. hom_access_key Enter the access key generated for BMC Helix Operations Management in Task 1. hom_secret_key Enter the secret key generated for the access key in Task 1. hom_webhook_name Name of the API Webhook for BMC Helix Operations Management.
BMC Helix iPaaS
Enter the URL to access BMC Helix iPaaS.
Enter the user ID to access BMC Helix iPaaS.
Enter the password of the user ID to access BMC Helix iPaaS.
Webhook API variables
Project variables Value BHIP_Hom_Webhook_Action
Enter the actions to create or update a Webhook on BMC Helix Operations Management.
Valid values include CREATE and UPDATE.
BHIP_Project_Name Enter the name of project imported used to create the Webhook API. BHIP_Operation_Name
Enter the name of the operation to trigger when the Webhook API is triggered.
This value is added to the BMC Helix iPaaS Jitterbit API. By default, the value is set to Integration API Flow Controller.
BHIP_Integration_API_NameEnter the name for the Webhook API that is created in BMC Helix Platform.
By default, this value is set to HomToSplunkTemplate.
Enter the RestAPI method that is used by the Webhook API.
This value is added to the BMC Helix iPaaS Jitterbit API.
Valid values include:
- POST (Default)
BHIP_Integration_API_Response_TypeEnter the RestAPI response type used by the Webhook API created. This value is added in the BMC Helix iPaaS Jitterbit API.
By default, set to VARIABLE.
Enter a security profile type.
You can set the following values for this variable:
The default value is BASIC.
Enter comma separated values to select multiple profile types (ANONYMOUS,BASIC).
A security profile type defines the authentication type to be used by the Webhook API while accessing BMC Helix Operations Management. This value is added in the BMC Helix iPaaS Jitterbit API.
- For profile types supported by the ITSM application, the security profiles are automatically created by the integration template when you enable the integration.
- BMC Helix iPaaS does not support OAuth authentication for this application.
BHIP_Integration_API_Security_Profile_Name_Suffix Enter the suffix to be added to the name of security profiles created. BHIP_Integration_API_Security_Profile_BASIC_Auth_Username For security profile type BASIC, enter the user name to be used to create the security profile.
The Jitterbit API and the Webhook API use this user name for authentication while accessing BMC Helix Operations Management.
BHIP_Integration_API_Security_Profile_BASIC_Auth_Password For security profile type BASIC, enter the password for the security profile created.
The Jitterbit API and the Webhook API use this password for authentication while accessing BMC Helix Operations Management.
For security profile type APIKEY, enter the name of the APIKEY to be used for the security profile.
The Jitterbit API and the Webhook API use this APIKEY for authentication while accessing BMC Helix Operations Management.
Enter a value, in seconds, for an API timeout.
The minimum value must range between 30 and 180. By default, the value is set to 90.
Field to save the Splunk alert name in BMC Helix Operations Management
Project variable Value hom_correlation_field Enter the name of the BMC Helix Operations Management field to store the name of the corresponding alert in Splunk.
Email notification configurations
Project variable Value BHIP_SMTP_Hostname Enter the SMTP host details for emails configuration. BHIP_To_Email_Address Enter the email address to which you want to send the notification emails. BHIP_From_Email_Address Enter the email address from which the notification emails should be sent. BHIP_Email_Enabled
To disable email notifications, change the default value to false.
By default, the value is set to true.
This value defines if notification emails should be sent.
BHIP_Email_On_Success To disable email notifications for successful operations, set the value to false.
By default, this value is set to true.
Defines if emails should be sent if an error occurs in the data migration.
By default, this value is set to true. To disable email notifications for errors, set the value to false.
Task 4: To deploy and enable the project
To deploy the project and then enable the integration:
- To deploy the project, next to the project name, click the ellipsis ..., and select Deploy Project.
- To enable the integration, next to the Enable Integrations workflow, click the ellipsis ... for the Enable Integration operation, and select Run.
The following image shows the steps to deploy the project and enable it by running the operation:
After you enable the integration, when a new event with details matching the event criteria defined is created in BMC Helix Operations Management, a corresponding Splunk alert is generated. The alert is updated when the corresponding event is updated in BMC Helix Operations Management.
(Optional) Task 5: To set the time for API debug mode
By default, the debug mode is set to 2 hours after you run the integration. Debug logs are updated for the time set for the debug mode. To increase the debug mode for a longer period of time, perform the following steps:
In BMC Helix iPaaS, powered by Jitterbit, select API Manager > My APIs.
Open the API created for the integration. The API name is the value defined in the BHIP_Integration_API_Name project variable.
Select Enable Debug Mode Until: and set it for the required date and time.
Save and publish the API.
(Optional) Task 6: To update the default event criteria for triggering a Splunk alert
Splunk alerts are generated for events that match the event policies defined in BMC Helix Operations Management. By default, the event policy is defined to perform actions for events with severity set to critical, alerts are generated for any new event with Severity set to Critical. To change the criteria for generating a Splunk alert for an event, update the event policy and update the Event Selection Criteria.
For more information about updating event policies, see .
Workflows included in the integration template
The integration template includes workflows for the basic configuration and each integration use case. The following tables describe the operations defined in each workflow.
This workflow defines the operations required to enable the integration after all the required project configurations are completed. The following operations are included in this workflow:
|Initializex the integration
Logs in to BMC Helix iPaaS by using the credentials provided in the project variables
|Check Custom API and Security Profiles exist
|Verifies if any custom APIs or security profiles exist for the BMC Helix Operations Management integration
|Publish Custom API
Publishes the BMC Helix iPaaSJitterbit API
|Create Security Profiles and Custom API
Creates the security profiles and RestAPIs in BMC Helix iPaaS
|Delete API and Security Profile if needed
|Deletes existing APIs or security profiles, if required
Sync HOM to Splunk
This workflow creates or updates a Splunk alert when an event is created or the corresponding event is updated in BMC Helix Operations Management. The following operations are included in this workflow:
Integration API Flow Controller
|Enables all the API entry points by using the details provided in the project variables
|Parse the Source Payload
|Gets details of the BMC Helix Operations Management event to create an alert in Splunk
|Create alert in Splunk
|Creates an alert in Splunk corresponding to a new event created in BMC Helix Operations Management
|Update alert in Splunk
|Updates the Splunk alert when the corresponding event is updated in BMC Helix Operations Management
|Disable alert for closed Event
Disables the Splunk alert when the status of the corresponding event is changed to Closed
|Update HOM with alertName
Adds the Splunk alert name to the BMC Helix Operations Management field defined in the hom_correlation_field project variable for the corresponding event
|HOM API Response
|Sends the API response to BMC Helix Operations Management
|Sends an email notification if alert creation or update fails
This workflow is called through Enable Integration workflow and registers the Webhook on BMC Helix Operations Management.
|HOM Webhook Operations
|Initiates the Webhook operations based on the operations performed
|HOM Get Webhooks
|Gets the BMC Helix Operations Management Webhook
|HOM Delete Webhook
If a Webhook with the same name is provided in the hom_webhook_name project variable, deletes that Webhook
|HOM Register Webhook
|Generates the Webhook in BMC Helix Operations Management
|HOM Get Refresh Token
|Generates a token for the access key, secret key, and tenant ID and passes it to the HOM Get JWT operation
|HOM Get JWT Token
|Generates a JSON web token (JWT) token based on the refreshed token received from HOM Get Refresh Token
|HOM Get API Key
|Gets the BMC Helix Operations Management API Key required to execute Webhook