This documentation supports the 21.3 and consecutive patch versions of BMC Helix Multi-Cloud Broker. To view an earlier version, select the version from the Product version menu.

Creating incidents for Splunk alerts via BMC Helix iPaaS, powered by Jitterbit


As an administrator, you can integrate BMC Helix ITSM with Splunk to synchronize Splunk alerts with BMC Helix ITSM incidents. When an alert is generated in Splunk, a corresponding incident is created in BMC Helix ITSM, enabling administrators to manage Splunk alerts in BMC Helix ITSM.

BMC Helix Multi-Cloud Broker, along with BMC Helix iPaaS, powered by Jitterbit, provides an out-of-the-box integration template that you use to integrate BMC Helix ITSM and Splunk. You configure the integration in BMC Helix Multi-Cloud Broker and deploy the integration template to your BMC Helix iPaaS environment.

This integration provides the following capabilities:

| Use case | DevOps integration capabilities |
|---|---|
| Create tickets | Create a BMC Helix ITSM incident for a Splunk alert. Important: A Splunk alert is generated based on the search criteria and saved as an Alert. If you have defined multiple alerts, a single BMC Helix ITSM incident is created for each alert. The BMC Helix ITSM incident number is added to the Splunk alert Description field. |
| Synchronize updates | When a Splunk alert is created, the vendor data in BMC Helix Multi-Cloud Broker is automatically updated. You can then view the Splunk alert details in the BMC Helix ITSM UI. When the BMC Helix ITSM incident is closed, all triggered alerts listed in the Splunk alert are cleared, and the BMC Helix ITSM incident number is removed from the Splunk alert Description field. |

The following image gives an overview of the capabilities that this integration supports:

iPaaS_ITSM and Splunk integration.png

Before you begin

Make sure you have the following items:

View the Splunk alert details in the BMC Helix ITSM incident

After you implement the integration by using BMC Helix iPaaS, powered by Jitterbit, you can view the Splunk alert details in the corresponding BMC Helix ITSM incident.

Splunk to ITSM incident via JB.png

Data flow from Splunk to BMC Helix ITSM

iPaaS_ITSM to Splunk data flow.png

Task 1: To configure the integration

  1. Log in to BMC Helix Innovation Studio.
  2. On Workspace, click Multi-Cloud Broker.
  3. To launch BMC Helix Multi-Cloud Broker, click Visit Deployed Application.

    Tip

    Access BMC Helix Multi-Cloud Broker directly by entering the URL https://hostName:portNumber/helix/index.html#/com.bmc.dsm.mcsm/login and logging in as a tenant administrator.

  4. Click Settings (Settings icon).
  5. Select Start Here > Quick Configuration Guide.

    The Quick Configuration Guide page is displayed.

  6. On the Step 1: Choose configuration tab, perform the following steps:

    Important

    In Choose Configuration, Helix iPaaS (powered by Jitterbit) is selected by default. Do not change this value.

    1. Under Notifications, select ITSM Incident to Splunk Alert.

      21.3_QCG_Splunk to ITSM.png
    2. Click Next.
  7. On the Step 2: Perform configurations tab, perform the following steps:
    1. Add an operating organization, if you have not already done so.
    2. Add Splunk as the vendor organization, if you have not already done so.
    3. To add the vendor metadata, click Map vendors and perform the following steps:
      1. On the Map Vendors page, click Map Vendor.
      2. Complete the fields as described in the following table:

        | Field | Action |
        |---|---|
        | Description | Enter a description for the vendor metadata configuration. |
        | Ticketing Technology Provider | From the list, select Splunk. |
        | (Optional) Instance Name | If you are using multiple instances of Splunk, enter the name of the instance that you are using for this integration. |
        | Add Mapping | After you select the ticketing technology provider, click Add Mapping. BMC Helix Multi-Cloud Broker displays the default values in the Instance URL field and the Display Field Mapping section. |
        | Instance URL | Update the instanceUrl in the default URL. The default value of this variable is https://{instanceUrl}/Splunk/app.do#alertDetailsReportPlace:{alertId}/overview. For example, update the default value to https://Splunk.bmc.com/Splunk/app.do#alertDetailsReportPlace:{alertId}/overview. |
        | Process Name | Enter a name for the process that is created in BMC Helix Innovation Studio. The default value of this variable is com.bmc.dsm.ticket-brokering-lib:Connector Process Splunk for {description}. |
        | Display Field Mapping | By default, the basic Splunk fields are mapped in this section. If you want to map additional fields to be displayed in the BMC Helix ITSM UI, add the relevant mappings by clicking the field mappings (curly brace) icon. |
        | Integration Platform | Select Jitterbit. |


      3. Click Save.
    4. In the Configure Splunk integration section, refer to the configuration steps listed and select the check boxes as you complete each step.
    5. Click Save.

Task 2: To import the integration template project file

  1. Log in to BMC Helix iPaaS and navigate to Cloud Studio.
  2. Select your organization.
  3. On the projects page, click Import.
  4. Click Browse to navigate to and select the JSON file that you downloaded from the Electronic Product Distribution site.
    The Project Name and Organization fields are automatically populated. The default project name is displayed, but you can change it, as needed.
  5. From the Environment list, select the environment to which you want to import this integration template, and click Import.
    The project opens after the integration template is imported. 
  6. To open the project file at a later time, select the environment where the integration templates are available, select the project name, and click View/Edit.

Task 3: To update the project variables for the integration template

  1. Click the ellipsis ... next to the project name and select Project Variables.
    21.05_Click Project Variables.png
  2. Update the project variables as described in the following tables:
    • BMC Helix iPaaS project variables

      | Project variable | Action |
      |---|---|
      | BHIP_API_Name | Enter the name for the API that is created in BMC Helix iPaaS to receive BMC Helix Multi-Cloud Broker webhook requests. The default value of this variable is SplunkAPIName. Do not change the name. |
      | BHIP_API_User_Roles | Specify the organization roles that should have access to the new API. You can add multiple, comma-separated values. Important: If you do not specify any value, all the organization roles get access to the new API. |
      | BHIP_MCB_API_Profile_User_Name | The integration template creates an API in BMC Helix iPaaS to handle requests from BMC Helix Multi-Cloud Broker. Enter the user name that should be used while creating the BMC Helix Multi-Cloud Broker API profile. |
      | BHIP_MCB_API_Profile_User_Password | Enter the password that should be used while creating the BMC Helix Multi-Cloud Broker API profile. The integration template creates an API in BMC Helix iPaaS to handle requests from BMC Helix Multi-Cloud Broker. |
      | BHIP_Vendor_API_Profile_ApiKey_Name | Enter the APIKEY name for the security profile that you want to use with the vendor API. Important: Provide a value for this variable only if you select the APIKEY option in BHIP_Vendor_API_Profile_Type. |
      | BHIP_Vendor_API_Profile_Type | The integration templates create APIs to accept requests from a vendor. Enter one of the following API authentication mechanisms that you want to use with this API: BASIC, ANONYMOUS, APIKEY. |
      | BHIP_Vendor_API_Profile_User_Name | Enter the user name for the security profile that you want to use with the vendor API. Important: Provide a value for this variable only if you select the BASIC option in BHIP_Vendor_API_Profile_Type. |
      | BHIP_Vendor_API_Profile_User_Password | Enter the password for the security profile that you want to use with the vendor API. Important: Provide a value for this variable only if you select the BASIC option in BHIP_Vendor_API_Profile_Type. |
      | BHIP_Host | Enter the BMC Helix iPaaS instance URL where you want to run this project. Important: Make sure that you do not enter any leading or trailing spaces. |
      | BHIP_User_Name | Enter the user name for the BMC Helix iPaaS instance. |
      | BHIP_User_Password | Enter the password for the BMC Helix iPaaS instance. |
      | Enable_BMC_Helix_To_Vendor_Integration | By default, this variable is set to true. Important: This variable enables the updates of Splunk alerts from BMC Helix ITSM incidents. |
      | Enable_Vendor_To_BMC_Helix_Integration | By default, this variable is set to true. Important: This variable enables the creation of BMC Helix ITSM incidents from Splunk, and synchronization of updates and comments. |

    • Splunk variables:

      | Project variable | Action |
      |---|---|
      | Splunk_Alert_Name | Enter the name for the Splunk alerts for which an incident should be created. To add multiple values, use a comma-separated list. |
      | Splunk_Host | Enter the Splunk instance URL where you want to run this project. |
      | Splunk_Port | Enter the port number for the Splunk URL. |
      | Splunk_User_Name | Enter the user name to access Splunk. |
      | Splunk_User_Password | Enter the password for the Splunk user. |

    • BMC Helix Multi-Cloud Broker project variables:

      | Project variable | Action |
      |---|---|
      | MCB_Host | Enter the BMC Helix Multi-Cloud Broker host URL to which Splunk alerts should be synchronized. |
      | MCB_User_Name | Enter the user name that enables users to interact with BMC Helix Multi-Cloud Broker. |
      | MCB_User_Password | Enter the password for the provided user name. |
      | MCB_Vendor_Name | This variable is autopopulated. Do not change the default value. |

      The following variables are inputs from BMC Helix ITSM. Either enter values for these variables or map appropriate Splunk fields if the data is available:

      | Project variable | Action |
      |---|---|
      | ITSM_Company_Name | Enter the company name for which the integration template needs to be run; for example, Calbro Services. |
      | ITSM_Customer_First_Name | Enter the first name of the BMC Helix ITSM customer. |
      | ITSM_Customer_Last_Name | Enter the last name of the BMC Helix ITSM customer. |
      | ITSM_Incident_Type | Enter any of the following incident types for which you want to create a Splunk alert: User Service Restoration, User Service Request, Infrastructure Restoration, Infrastructure alert, Security Incident. Splunk alerts are generated only for the incidents of the types defined in this variable. The default value of this variable is User Service Restoration. |
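
The constraints stated in the Task 3 tables can be checked before the project is deployed. The following Python sketch is an added example, not BMC or Jitterbit code: it assumes the project variables are available as a plain dictionary (a hypothetical layout), assumes ITSM_Incident_Type may hold a comma-separated list, and uses constructed sample values.

```python
# Added example: lint Task 3 project variables before deployment.
# Assumption: variables are held in a plain dict (hypothetical layout).
AUTH_TYPES = {"BASIC", "ANONYMOUS", "APIKEY"}
INCIDENT_TYPES = {"User Service Restoration", "User Service Request",
                  "Infrastructure Restoration", "Infrastructure alert",
                  "Security Incident"}
# Variables the page says to fill in only for one vendor API profile type.
TYPE_SPECIFIC = {"BHIP_Vendor_API_Profile_ApiKey_Name": "APIKEY",
                 "BHIP_Vendor_API_Profile_User_Name": "BASIC",
                 "BHIP_Vendor_API_Profile_User_Password": "BASIC"}

def lint_project_variables(v):
    """Return sorted (severity, variable, message) findings for dict v."""
    out = []
    if v.get("BHIP_API_Name") != "SplunkAPIName":
        out.append(("error", "BHIP_API_Name", "default SplunkAPIName must not be changed"))
    roles = [r for r in v.get("BHIP_API_User_Roles", "").split(",") if r.strip()]
    if not roles:
        out.append(("warn", "BHIP_API_User_Roles", "empty: all organization roles get access"))
    ptype = v.get("BHIP_Vendor_API_Profile_Type", "")
    if ptype not in AUTH_TYPES:
        out.append(("error", "BHIP_Vendor_API_Profile_Type", "must be BASIC, ANONYMOUS or APIKEY"))
    elif ptype == "ANONYMOUS":
        out.append(("warn", "BHIP_Vendor_API_Profile_Type", "vendor API accepts requests without credentials"))
    for name, needed in TYPE_SPECIFIC.items():
        if ptype == needed and not v.get(name):
            out.append(("error", name, f"expected when profile type is {needed}"))
        elif ptype != needed and v.get(name):
            out.append(("warn", name, f"only applies when profile type is {needed}"))
    host = v.get("BHIP_Host", "")
    if host != host.strip():
        out.append(("error", "BHIP_Host", "leading or trailing spaces"))
    # Assumption: several incident types may be given as a comma-separated list.
    types = v.get("ITSM_Incident_Type", "User Service Restoration").split(",")
    if any(t.strip() not in INCIDENT_TYPES for t in types):
        out.append(("error", "ITSM_Incident_Type", "not one of the listed incident types"))
    return sorted(out)

SAMPLE = {  # constructed values, not taken from a real project
    "BHIP_API_Name": "SplunkAPIName",
    "BHIP_API_User_Roles": "",
    "BHIP_Vendor_API_Profile_Type": "ANONYMOUS",
    "BHIP_Vendor_API_Profile_User_Name": "svc_splunk",
    "BHIP_Host": " https://ipaas.example.com",
    "ITSM_Incident_Type": "Security Incident",
}

if __name__ == "__main__":
    for severity, name, message in lint_project_variables(SAMPLE):
        print(f"{severity:5} {name}: {message}")
```

Run against the constructed sample, the check reports the padded BHIP_Host as an error and warns about the empty role list, the ANONYMOUS profile type, and the BASIC user name that the selected profile type does not use.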

Task 4: To deploy and enable the project

Deployment is a one-time activity that initializes the integration configurations. The UI displays a message for the deployment status.

The following image shows the steps to deploy the project and then enable it by deploying the workflow:

Image_enable integration workflow steps.png

(Optional) Task 5: To set the time for API debug mode

By default, the debug mode is set to 2 hours after you run the integration. Debug logs are updated for the time set for the debug mode. To keep debug mode enabled for a longer period of time, perform the following steps:

  1. In BMC Helix iPaaS, powered by Jitterbit, select API Manager > My APIs.
  2. Open the BMC_Helix_ITSM_Incident_And_Splunk_alert_Vendor_To_MCB API.
  3. Select Enable Debug Mode Until: and set it for the required date and time.
  4. Save and publish the API.


 
