Integrate third-party services with Splunk Observability Cloud

Was this page helpful?

On this page

Integrations connect third-party services to Splunk Observability Cloud. Each integration provides the software that Splunk Observability Cloud needs to communicate with the service, as well as an interface for configuring the connection.

When you send an API request, you need to use the endpoint specific to your organization's realm. To learn more, see Realms in endpoints.

All the integrations that Splunk Observability Cloud provides have a configuration GUI as part of the user interface. Some integrations also have a configuration API.

The following configurations are available using the API:

Cloud service integrations:
- Amazon Web Services (AWS) services, regions, namespaces, and metrics
- Google Cloud Platform services
- Microsoft Azure services
SAML-based SSO integrations:
- Microsoft Active Directory Federated Services (ADFS)
- Okta
- OneLogin
- PingOne
Services for sending alert notifications:
- Amazon EventBridge
- BigPanda
- Jira Cloud and Jira Server
- Microsoft Teams
- Opsgenie
- PagerDuty
- ServiceNow
- Slack
- Splunk On-Call
- Services that support Webhook messaging
- xMatters

To specify an integration you want, you use an enumerated string. See the Integrations topic in the Splunk Observability Cloud API Reference Documentation to find the string for each type of integration.

Cloud service integrations

Cloud service integrations ingest metrics from cloud services. This action is often known as "syncing" cloud service metrics with Splunk Observability Cloud. To set up these integrations using the API, follow these steps:

From the cloud service UI, get authentication and authorization credentials that allow Splunk Observability Cloud to connect to the service.
In the request for the integration, add the following:
1. Required. Credentials
2. Required. Integration type
3. Required. List of entities from which Splunk Observability Cloud should pull metrics
4. Optional. Name of an access token that you want Splunk Observability Cloud to use when it pulls metrics. To learn more, see the Cloud service access token name section.
  This field name is different for each cloud service.
  Each cloud service is described in a separate topic. For a list of these topics, see the Integrating with a specific cloud service provider topic.
5. Optional. List of metrics to pull.
  The field name is different for each cloud service. See the developer guide documentation for the cloud service to learn more.
6. Other settings that control the integration. These settings are different for each cloud service.
  After you create the integration, Splunk Observability Cloud can retrieve monitoring data from the cloud service.

Cloud service access token name

All cloud service integration request bodies include the namedToken field, which lets you specify the name of the access token (org token) that you want Splunk Observability Cloud to use when pulling metrics from the cloud service. The token has to be an existing access token in your organization. Use the token name, not its value.

GET response bodies for cloud service integrations contain the current value of namedToken.

If you don't specify this field, Splunk Observability Cloud uses the default access token for your organization. The system assigns this token during the creation of your organization.

To learn more about access tokens, see the Create and manage organization access tokens using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.

Track usage with `namedToken`

Use namedToken to help you track usage metrics. If you have more than one integration for the same cloud service, use a different access token for each integration. You can then track the resource usage for each integration instance.

To learn more about tracking resource usage with access tokens, see the Manage resource usage with access tokens using Splunk Observability Cloudd topic in the Splunk Observability Cloud user documentation.

Integrate with a specific cloud service provider

To learn more about integrating with a specific cloud service provider, see one of the following:

Amazon Web Services (AWS): See the Integrate AWS monitoring with Splunk Observability Cloud topic.
Google Cloud Platform (GCP): See the Integrate Google Cloud Platform Monitoring with Splunk Observability Cloud topic.
Microsoft Azure: See the Integrate Microsoft Azure Monitoring with Splunk Observability Cloud topic.

The Integrations topic in the Splunk Observability Cloud Reference Documentation describes the request and response bodies for the cloud service provider, SAML SSO systems, and alert notification systems supported by Splunk Observability Cloud.

SAML-based SSO authentication integrations

Splunk Observability Cloud supports SAML-based SSO authentication integration for the following providers:

Microsoft Active Directory Federation Services (ADFS)
Okta
OneLogin
PingOne

To integrate with a SAML-based SSO provider:

Create an empty Splunk Observability Cloud integration object using the operation POST https://api.<REALM>.signalfx.com/v2/integration with a request body that specifies the SSO provider you want to use. The API responds with an integration ID.
Provide the integration ID to the provider. To learn more, see the Configure SSO integrations for Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.
After you receive authentication credentials from your provider, use the operation
PUT https://api.<REALM>.signalfx.com/v2/integration/<INTEGRATION_ID>
to update the integration object you created in step 1.

The Integrations API reference documentation describes the request and response bodies for each supported SAML-based SSO authentication provider.

Create the integration object

The following curl command demonstrates how to create the empty integration object:

<SAML_INTEGRATION_TYPE>: Enumerated string for the provider you want to create.
<INTEGRATION_NAME>: Name you provide to differentiate this integration instance from others that you've created for the SSO provider. Using this name, you can set up multiple integrations for the same provider.

You must use an access token associated with a user who has administrative access for your organization. To learn more, see the Authentication Tokens topic.

$ curl \
--request POST \
--header 'X-SF-Token: <ORG_TOKEN>' \
--header 'content-type: application/json' \
--data \
  '{
        "type": "<SAML_TYPE>",
        "name": "<INTEGRATION_NAME>"
  }'
https://api.<REALM>.signalfx.com/v2/integration

The response object for a successful request is similar to the following. <INTEGRATION_ID> is the ID that Splunk Observability Cloud assigns to the integration:

{
    "type": "<SAML_INTEGRATION_TYPE>",
    "name": "<INTEGRATION_NAME>",
    "id": "<INTEGRATION_ID>"
}

Configure the SAML SSO provider with the integration ID

To learn how to configure the SAML SSO provider with the ID of the integration you created, see the Configure SSO integrations for Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.

Complete the steps contained in that topic.

After you complete the steps, you need to have the following information from your provider:

<YOUR_METADATA>: Metadata for your provider account
<YOUR_CERTIFICATE_NAME>: Certificate name for your provider account

Update the integration object with the SSO information

Complete the integration using the operation PUT https://api.<REALM>.signalfx.com/v2/integration/<INTEGRATION_ID>.

You must use an access token associated with a user who has administrative access for your organization. To learn more, see the Authentication Tokens topic.

In the following example, <YOUR_METADATA> and <YOUR_CERTIFICATE_NAME> are values you obtain from the provider.

$ curl \
--request PUT \
--header 'X-SF-Token: "<SESSION_TOKEN>"' \
--header 'content-type: application/json' \
--data \
  '{
    "type": "<SAML_TYPE>",
    "metadata": "<METADATA>",
    "certificateName": "<CERTIFICATE_NAME>"
   }'
https://api.<REALM>.signalfx.com/v2/integration/<INTEGRATION_ID>

Notification service integrations

Notification service integrations connect third-party messaging and incident management services with Splunk Observability Cloud alerting. You can then use these services to send alert messages from detectors and org token limit alerts.

Splunk Observability Cloud supports notification service integration for the following providers:

Amazon EventBridge
BigPanda
Jira (Cloud and Server)
Microsoft Teams
Opsgenie
PagerDuty
ServiceNow
Slack
Splunk On-Call
xMatters

Splunk Observability Cloud also supports notification service integration for providers that use a Webhook.

Note: To ensure backward compatibility with previous versions, the integration type (the type property) for Microsoft Teams is Office365.

The Integrations topic in the Splunk Observability Cloud Reference Documentation describes the request and response bodies for notification service integration management.

Considerations for notification service integrations

Some notification service integrations have special requirements.

Jira integration

The Jira integration supports both Jira Cloud and Jira Server.

To learn more about integrating Jira with Splunk Observability Cloud, see the Send alert notifications to Jira using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.

The Integrate Jira with Splunk Observability Cloud topic contains more detailed API documentation for the Jira integration.

ServiceNow integration

To integrate with ServiceNow, you need to create a new user for Splunk Observability Cloud from your ServiceNow service management dashboard. To learn how to do this, and to learn about other fields you need for a ServiceNow integration, see the
Send alert notifications to ServiceNow using Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation.

After you create the new user and follow the other instructions, you can create a new ServiceNow integration using the operation POST https://api.<REALM>.signalfx.com/v2/integration.