This workflow codifies an incident response process for Splunk On-Call incidents. It creates a Jira ticket, sets up an incident response Slack room, and posts the information about the created tickets back into the incident timeline.
Before you run this workflow, you will need the following connections configured in Relay:
- A Jira account.
- A Slack workspace bot with the following permissions:
  - `channels:manage` to create the channel and set the topic
  - `chat:write` to send messages
  - `chat:write.public` to send messages to channels without joining
  - `chat:write.customize` to send messages as a customized username and avatar
You'll also need to enable the REST integration point on Splunk On-Call and add the generated endpoint URL as a workflow Secret named `endpointURL`. Note that the incoming webhook from Splunk On-Call to Relay uses the escalation webhook integration, not the Enterprise-level custom webhooks.
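To confirm the Slack bot token holds the four scopes listed above and nothing beyond them, the following added example (not part of the original workflow or of Relay) compares the `X-OAuth-Scopes` header that Slack returns from `auth.test` against that list. The `SLACK_BOT_TOKEN` environment variable name and the sample header are assumptions made for the example.

```python
import json
import os
import urllib.request

# Scopes the page lists for the Slack workspace bot.
REQUIRED_SCOPES = {
    "channels:manage",
    "chat:write",
    "chat:write.public",
    "chat:write.customize",
}

def audit_scopes(granted_header):
    """Compare a comma-separated scope list against REQUIRED_SCOPES.

    Returns (missing, extra): scopes the workflow needs but the token lacks,
    and scopes the token holds beyond what the workflow needs.
    """
    granted = {s.strip() for s in granted_header.split(",") if s.strip()}
    return sorted(REQUIRED_SCOPES - granted), sorted(granted - REQUIRED_SCOPES)

def fetch_granted_scopes(token):
    """Call Slack's auth.test and return the X-OAuth-Scopes response header."""
    req = urllib.request.Request(
        "https://slack.com/api/auth.test",
        data=b"",  # empty body makes this a POST
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
        if not body.get("ok"):
            raise RuntimeError(f"auth.test failed: {body.get('error')}")
        return resp.headers.get("X-OAuth-Scopes", "")

if __name__ == "__main__":
    token = os.environ.get("SLACK_BOT_TOKEN")  # assumed variable name
    if token:
        header = fetch_granted_scopes(token)
    else:
        # Constructed sample header, used when no token is set.
        header = "chat:write,chat:write.public,channels:manage,users:read"
    missing, extra = audit_scopes(header)
    print("missing:", missing or "none")
    print("extra (review for least privilege):", extra or "none")
```
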
Configure the workflow
You may need to update some of the default parameters or connection information in this workflow to run in your environment. The default configuration assumes:
- Your Jira connection is called
- Your Slack connection is called
- Your Jira project key is
- Your incident Slack channels will be named
Set up the trigger
When you create this workflow for the first time, we'll automatically provision a webhook for you. You need to provide this webhook to Splunk On-Call to complete the integration.
On the workflow overview page in Relay, find the webhook URL by navigating to the Setup sidebar. Copy the URL to your clipboard.
In Splunk On-Call, go to Integrations and enable the Webhooks integration. Add a new webhook, give it a memorable name, and paste the Relay URL into the dialog box.
You'll then need to associate the webhook name with one or more Escalation Policies so that the workflow is triggered upon incident creation. Updates from Relay will be associated with the timeline of the Splunk On-Call incident that triggered them.