Integrate third-party services with Splunk Observability Cloud
Integrations connect third-party services to Splunk Observability Cloud. Each integration provides the software that Splunk Observability Cloud needs to communicate with the service, as well as an interface for configuring the connection.
When you send an API request, you need to use the endpoint specific to your organization's realm. To learn more, see Realms in endpoints.
All the integrations that Splunk Observability Cloud provides have a configuration GUI as part of the user interface. Some integrations also have a configuration API.
The following configurations are available using the API:
Cloud service integrations:
- Amazon Web Services (AWS) services, regions, namespaces, and metrics
- Google Cloud Platform services
- Microsoft Azure services
SAML-based SSO integrations:
- Microsoft Active Directory Federation Services (ADFS)
- Okta
- OneLogin
- PingOne
Services for sending alert notifications:
- Amazon EventBridge
- BigPanda
- Jira Cloud and Jira Server
- Microsoft Teams
- Opsgenie
- PagerDuty
- ServiceNow
- Slack
- Splunk On-Call
- Services that support Webhook messaging
- xMatters
To specify the type of integration you want, use an enumerated string. See the Integrations topic in the Splunk Observability Cloud API Reference Documentation to find the string for each type of integration.
Cloud service integrations
Cloud service integrations ingest metrics from cloud services. This action is often known as "syncing" cloud service metrics with Splunk Observability Cloud. To set up these integrations using the API, follow these steps:
1. From the cloud service UI, get authentication and authorization credentials that allow Splunk Observability Cloud to connect to the service.
2. In the request for the integration, add the following:
   - Required. Credentials
   - Required. Integration type
   - Required. List of entities from which Splunk Observability Cloud should pull metrics
   - Optional. Name of an access token that you want Splunk Observability Cloud to use when it pulls metrics. To learn more, see the Cloud service access token name section.
     This field name is different for each cloud service.
     Each cloud service is described in a separate topic. For a list of these topics, see the Integrating with a specific cloud service provider topic.
   - Optional. List of metrics to pull.
     The field name is different for each cloud service. See the developer guide documentation for the cloud service to learn more.
   - Other settings that control the integration. These settings are different for each cloud service.
After you create the integration, Splunk Observability Cloud can retrieve monitoring data from the cloud service.
Cloud service access token name
All cloud service integration request bodies include the namedToken field, which lets you specify the name of the access token (org token) that you want Splunk Observability Cloud to use when pulling metrics from the cloud service. The token has to be an existing access token in your organization. Use the token name, not its value.
GET response bodies for cloud service integrations contain the current value of namedToken.
If you don't specify this field, Splunk Observability Cloud uses the default access token for your organization. The system assigns this token during the creation of your organization.
To learn more about access tokens, see the Create and manage organization access tokens using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
Track usage with namedToken
Use namedToken to help you track usage metrics. If you have more than one integration for the same cloud service, use a different access token for each integration. You can then track the resource usage for each integration instance.
To learn more about tracking resource usage with access tokens, see the Manage resource usage with access tokens using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
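An added example, not part of the Splunk documentation: one way to check namedToken hygiene over integration objects already retrieved from the API. It flags integrations that fall back to the default token, integrations of the same type that share a token name, and namedToken entries that look like a token value instead of a name. The sample objects, their type strings and ids, and the token-value pattern are constructed assumptions; take the real enumerated type strings from the API reference.

```python
import re
from collections import defaultdict

# Assumption: token values are long, mixed-case, URL-safe strings containing digits,
# while token names are human-chosen labels. Tune the pattern for your organization.
TOKEN_VALUE_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{20,}$")


def audit_named_tokens(integrations):
    """Return sorted (integration_id, finding) pairs for cloud integration objects."""
    findings = []
    by_token = defaultdict(list)
    for item in integrations:
        name = item.get("namedToken")
        if not name:
            # No namedToken: metrics are pulled with the organization's default token.
            findings.append((item["id"], "default-token"))
            continue
        if TOKEN_VALUE_RE.match(name):
            # The field takes the token name; a value here is a secret stored in config.
            findings.append((item["id"], "looks-like-token-value"))
        by_token[(item["type"], name)].append(item["id"])
    for ids in by_token.values():
        if len(ids) > 1:
            # Same cloud service, same token: usage cannot be attributed per integration.
            findings.extend((i, "shared-token") for i in ids)
    return sorted(findings)


# Constructed sample shaped like GET response bodies; every value below is made up.
SAMPLE = [
    {"id": "int-001", "type": "AWSCloudWatch", "name": "aws-prod", "namedToken": "aws-prod-sync"},
    {"id": "int-002", "type": "AWSCloudWatch", "name": "aws-dev", "namedToken": "aws-prod-sync"},
    {"id": "int-003", "type": "GCP", "name": "gcp-main"},
    {"id": "int-004", "type": "Azure", "name": "azure-main", "namedToken": "Zx9kQ2mL7pR4tV8wB1nC6y"},
    {"id": "int-005", "type": "Azure", "name": "azure-dr", "namedToken": "azure-dr-sync"},
]

if __name__ == "__main__":
    for integration_id, finding in audit_named_tokens(SAMPLE):
        print(integration_id, finding)
```
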
Integrate with a specific cloud service provider
To learn more about integrating with a specific cloud service provider, see one of the following:
- Amazon Web Services (AWS): See the Integrate AWS monitoring with Splunk Observability Cloud topic.
- Google Cloud Platform (GCP): See the Integrate Google Cloud Platform Monitoring with Splunk Observability Cloud topic.
- Microsoft Azure: See the Integrate Microsoft Azure Monitoring with Splunk Observability Cloud topic.
The Integrations topic in the Splunk Observability Cloud Reference Documentation describes the request and response bodies for the cloud service provider, SAML SSO systems, and alert notification systems supported by Splunk Observability Cloud.
SAML-based SSO authentication integrations
Splunk Observability Cloud supports SAML-based SSO authentication integration for the following providers:
- Microsoft Active Directory Federation Services (ADFS)
- Okta
- OneLogin
- PingOne
To integrate with a SAML-based SSO provider:
1. Create an empty Splunk Observability Cloud integration object using the operation POST https://api.<REALM>.signalfx.com/v2/integration with a request body that specifies the SSO provider you want to use. The API responds with an integration ID.
2. Provide the integration ID to the provider. To learn more, see the Configure SSO integrations for Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
3. After you receive authentication credentials from your provider, use the operation PUT https://api.<REALM>.signalfx.com/v2/integration/<INTEGRATION_ID> to update the integration object you created in step 1.
The Integrations API reference documentation describes the request and response bodies for each supported SAML-based SSO authentication provider.
Create the integration object
The following curl command demonstrates how to create the empty integration object. In the command:
- <SAML_INTEGRATION_TYPE>: Enumerated string for the provider you want to create.
- <INTEGRATION_NAME>: Name you provide to differentiate this integration instance from others that you've created for the SSO provider. Using this name, you can set up multiple integrations for the same provider.
You must use an access token associated with a user who has administrative access for your organization. To learn more, see the Authentication Tokens topic.
$ curl \
    --request POST \
    --header 'X-SF-Token: <ORG_TOKEN>' \
    --header 'content-type: application/json' \
    --data '{ "type": "<SAML_INTEGRATION_TYPE>", "name": "<INTEGRATION_NAME>" }' \
    https://api.<REALM>.signalfx.com/v2/integration
The response object for a successful request is similar to the following. <INTEGRATION_ID> is the ID that Splunk Observability Cloud assigns to the integration:
{
  "type": "<SAML_INTEGRATION_TYPE>",
  "name": "<INTEGRATION_NAME>",
  "id": "<INTEGRATION_ID>"
}
Configure the SAML SSO provider with the integration ID
To learn how to configure the SAML SSO provider with the ID of the integration you created, see the Configure SSO integrations for Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
Complete the steps contained in that topic.
After you complete the steps, you need to have the following information from your provider:
- <YOUR_METADATA>: Metadata for your provider account
- <YOUR_CERTIFICATE_NAME>: Certificate name for your provider account
Update the integration object with the SSO information
Complete the integration using the operation PUT https://api.<REALM>.signalfx.com/v2/integration/<INTEGRATION_ID>.
You must use an access token associated with a user who has administrative access for your organization. To learn more, see the Authentication Tokens topic.
In the following example, <YOUR_METADATA> and <YOUR_CERTIFICATE_NAME> are values you obtain from the provider.
$ curl \
    --request PUT \
    --header 'X-SF-Token: <SESSION_TOKEN>' \
    --header 'content-type: application/json' \
    --data '{ "type": "<SAML_INTEGRATION_TYPE>", "metadata": "<YOUR_METADATA>", "certificateName": "<YOUR_CERTIFICATE_NAME>" }' \
    https://api.<REALM>.signalfx.com/v2/integration/<INTEGRATION_ID>
Notification service integrations
Notification service integrations connect third-party messaging and incident management services with Splunk Observability Cloud alerting. You can then use these services to send alert messages from detectors and org token limit alerts.
Splunk Observability Cloud supports notification service integration for the following providers:
- Amazon EventBridge
- BigPanda
- Jira (Cloud and Server)
- Microsoft Teams
- Opsgenie
- PagerDuty
- ServiceNow
- Slack
- Splunk On-Call
- xMatters
Splunk Observability Cloud also supports notification service integration for providers that use a Webhook.
Note: To ensure backward compatibility with previous versions, the integration type (the type property) for Microsoft Teams is Office365.
The Integrations topic in the Splunk Observability Cloud Reference Documentation describes the request and response bodies for notification service integration management.
Considerations for notification service integrations
Some notification service integrations have special requirements.
Jira integration
The Jira integration supports both Jira Cloud and Jira Server.
To learn more about integrating Jira with Splunk Observability Cloud, see the Send alert notifications to Jira using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
The Integrate Jira with Splunk Observability Cloud topic contains more detailed API documentation for the Jira integration.
ServiceNow integration
To integrate with ServiceNow, you need to create a new user for Splunk Observability Cloud from your ServiceNow service management dashboard. To learn how to do this, and to learn about other fields you need for a ServiceNow integration, see the Send alert notifications to ServiceNow using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
After you create the new user and follow the other instructions, you can create a new ServiceNow integration using the operation POST https://api.<REALM>.signalfx.com/v2/integration.