Hi Team,
*Now we are authenticating successfully with username and password* (while
the password is given as the Bearer Token of Splunk), but we are facing an issue
while sending Alert data from Prometheus to Splunk, giving the error "*No DATA*".
It seems like Splunk is looking for an *event header* in the *Data block* as
well. We're currently encountering a roadblock in our efforts to integrate
Prometheus alerts into Splunk. Every attempt at integration results in an
error labeled "*NO DATA*," accompanied by *error code 5*.
Here's a snippet of the data we're trying to integrate:
{
  "receiver": "splunk-webhook",
  "status": "firing",
  "alerts": [{
    "status": "firing",
    "labels": {
      "alertname": "TEST",
      "env": "isdt-sbx",
      "namespace": "isdt-sbxtest",
      "severity": "critical"
    },
    "annotations": {
      "description": "description of the alert",
      "runbook": "http://runbook.biz",
      "summary": "summary of the alert"
    },
    "startsAt": "2024-02-26T12:38:53.724141255Z",
    "endsAt": "0001-01-01T00:00:00Z",
    "generatorURL": "",
    "fingerprint": "e6f0eaf72b9d568c"
  }],
  "groupLabels": {
    "alertname": "TEST",
    "namespace": "isdt-sbxtest"
  },
  "commonLabels": {
    "alertname": "TEST",
    "env": "isdt-sbx",
    "namespace": "isdt-sbxtest",
    "severity": "critical"
  },
  "commonAnnotations": {
    "description": "description of the alert",
    "runbook": "http://runbook.biz",
    "summary": "summary of the alert"
  },
  "externalURL": "https://monitoring.server.net/alertmanager",
  "version": "4",
  "groupKey": "{}/{severity=~\"^(?:critical|Critical|info|Critica)$\"}:{alertname=\"TEST\", namespace=\"isdt-sbxtest\"}",
  "truncatedAlerts": 0
}
Is there any possibility we can add a receiver with a *template* like *Slack
webhook* or some other parameter that we can pass *event* while sending
Data to Splunk?
If anyone in the group has encountered a similar issue or has expertise in
Prometheus to Splunk integration, we would greatly appreciate your insights
and recommendations on resolving this challenge.
Thanks & Regards,
Aditya Sharma
On Monday, February 26, 2024 at 8:48:07 PM UTC+5:30 Brian Candler wrote:
> > Invalid authorization
>
> Seems you're not authorizing to Splunk properly. Can you point to their
> documentation which says how you need to authenticate to their API?
>
> I note you're using http rather than https, so HTTP basic auth is probably
> not allowed (it's insecure, it sends the username and password in cleartext
> along with every request). But even with https, they may require you to
> authenticate in some other way.
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/b7a1109a-8f32-4904-949c-393059f868cen%40googlegroups.com.
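
Added example, not part of the thread and not code from Prometheus or Splunk: the reshaping a small relay between Alertmanager and Splunk would perform, assuming the target is Splunk's HTTP Event Collector JSON endpoint, which reads the data from an "event" key in each JSON object. The function names and the "prometheus:alert" sourcetype are made up for this example.

```python
import json
import re
from datetime import datetime

ZERO_TIME = "0001-01-01T00:00:00Z"  # Alertmanager's endsAt for a still-firing alert
_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")

def rfc3339_to_epoch(ts):
    """Epoch seconds (ms precision) from an RFC 3339 timestamp with up to ns fractions."""
    m = _TS.match(ts)
    if not m:
        raise ValueError(f"unparseable timestamp: {ts!r}")
    base, frac, tz = m.groups()
    tz = "+0000" if tz == "Z" else tz.replace(":", "")
    whole = datetime.strptime(base + tz, "%Y-%m-%dT%H:%M:%S%z").timestamp()
    return round(whole + float("0." + (frac or "0")), 3)

def to_hec_events(payload, sourcetype="prometheus:alert"):  # sourcetype: made-up value
    """Wrap each alert of one Alertmanager webhook payload in an HEC envelope."""
    events = []
    for alert in payload.get("alerts", []):
        body = {k: alert.get(k) for k in ("status", "labels", "annotations", "fingerprint")}
        body["receiver"] = payload.get("receiver")
        if alert.get("endsAt") not in (None, ZERO_TIME):  # real value only once resolved
            body["endsAt"] = alert["endsAt"]
        events.append({
            "time": rfc3339_to_epoch(alert["startsAt"]),
            "source": payload.get("externalURL", "alertmanager"),
            "sourcetype": sourcetype,
            "event": body,  # the key the collector reads the data from
        })
    return events

def hec_body(events):
    """Serialize a batch as back-to-back JSON objects; refuse to build an empty body."""
    if not events:
        raise ValueError("no alerts in payload, nothing to send")
    return "".join(json.dumps(e, separators=(",", ":")) for e in events)

# Constructed sample, trimmed from the payload shown in the thread.
SAMPLE = {
    "receiver": "splunk-webhook", "externalURL": "https://monitoring.server.net/alertmanager",
    "alerts": [{
        "status": "firing", "fingerprint": "e6f0eaf72b9d568c",
        "labels": {"alertname": "TEST", "severity": "critical"},
        "annotations": {"summary": "summary of the alert"},
        "startsAt": "2024-02-26T12:38:53.724141255Z", "endsAt": ZERO_TIME,
    }],
}
```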