Hi Team,
*Now we are authenticating successfully with username and password*(while
the password is given as Bearer Token of Splunk). but facing an issue while
sending Alert data from Prometheus to Splunk, giving the error "*No DATA*"
seems like Splunk is looking for an* event header *in the *Data block* as
well we're currently encountering a roadblock in our efforts to integrate
Prometheus alerts into Splunk. Every attempt at integration results in an
error labeled "*NO DATA*," accompanied by* error code 5*.
Here's a snippet of the data we're trying to integrate:
{
"receiver": "splunk-webhook",
"status": "firing",
"alerts": [{
"status": "firing",
"labels": {
"alertname": "TEST",
"env": "isdt-sbx",
"namespace": "isdt-sbxtest",
"severity": "critical"
},
"annotations": {
"description": "description of the alert",
"runbook": "http://runbook.biz";,
"summary": "summary of the alert"
},
"startsAt": "2024-02-26T12:38:53.724141255Z",
"endsAt": "0001-01-01T00:00:00Z",
"generatorURL": "",
"fingerprint": "e6f0eaf72b9d568c"
}],
"groupLabels": {
"alertname": "TEST",
"namespace": "isdt-sbxtest"
},
"commonLabels": {
"alertname": "TEST",
"env": "isdt-sbx",
"namespace": "isdt-sbxtest",
"severity": "critical"
},
"commonAnnotations": {
"description": "description of the alert",
"runbook": "http://runbook.biz";,
"summary": "summary of the alert"
},
"externalURL": "https://monitoring.server.net/alertmanager";,
"version": "4",
"groupKey":
"{}/{severity=~\"^(?:critical|Critical|info|Critica)$\"}:{alertname=\"TEST\",
namespace=\"isdt-sbxtest\"}",
"truncatedAlerts": 0
}
Is there any possibility we can add a receiver with a *template* like *Slack
webhook *or some other parameter that we can pass* event *while sending
Data to Splunk?
If anyone in the group has encountered a similar issue or has expertise in
Prometheus to Splunk integration, we would greatly appreciate your insights
and recommendations on resolving this challenge.
Thanks & Regards,
Aditya Sharma
On Monday, February 26, 2024 at 8:48:07 PM UTC+5:30 Brian Candler wrote:
> > Invalid authorization
>
> Seems you're not authorizing to Splunk properly. Can you point to their
> documentation which says how you need to authenticate to their API?
>
> I note you're using http rather than https, so HTTP basic auth is probably
> not allowed (it's insecure, it sends the username and password in cleartext
> along with every request). But even with https, they may require you to
> authenticate in some other way.
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/b7a1109a-8f32-4904-949c-393059f868cen%40googlegroups.com.
