1. Function
The incident management platform Splunk On-Call handles the distribution of messages from dozens of different sources, which can be selected as integrations directly in the web interface. A generic REST back-end is available for Checkmk.
2. Configuring Splunk On-Call
You do not need to explicitly activate the notifications from Checkmk, only the REST endpoint address:
In Splunk On-Call under Integrations, call the REST Generic item.
Copy the displayed REST endpoint URL.
3. Configuration in Checkmk
You have already learned how to set up Checkmk notifications in general in the article about notifications.
As a reminder:
You can not only specify individual users and contact groups as recipients of the notifications. Instead, you can also define a ticket system or an event engine as the target of the notifications, for example. However, you must then take two factors into account when creating the notification rules:
Only a single user may be entered as a contact, i.e. neither a contact group nor an object contact, otherwise several notifications will be sent to the target system for each event.
If the first point is fulfilled, but this user is used in several notification rules that are of the same type (e.g. ServiceNow), then only the last rule applies in each case. It is therefore advisable to create a separate functional user for each of these notification rules.
Inn Checkmk you only need now to specify this key:
For the Notification Method choose Splunk On-Call.
Enter the copied URL under Splunk On-Call REST Endpoint.
For testing you can use the Fake check results and Custom notification commands.