Skip to main content
Connect DevHelm to Splunk On-Call (formerly VictorOps) to automatically open and resolve incidents. DevHelm posts to the Splunk On-Call REST endpoint integration, so incidents follow your existing escalation policies and on-call rotations.

Setup

1

Get your REST endpoint API key and routing key

  1. In Splunk On-Call, go to SettingsIntegrationsREST Endpoint
  2. Enable the integration and copy the API key from the endpoint URL
  3. Go to SettingsRouting Keys and copy an existing key — or create a new one (e.g. devhelm) mapped to the team that should receive alerts
2

Create the alert channel in DevHelm

devhelm alert-channels create \
  --name "Splunk On-Call" \
  --type splunk_oncall \
  --config '{"channelType":"splunk_oncall","apiKey":"your-rest-endpoint-api-key","routingKey":"devhelm"}'
3

Test the channel

devhelm alert-channels test <channel-id>

Configuration

FieldDescriptionRequired
apiKeySplunk On-Call REST endpoint API keyYes
routingKeyRouting key that maps alerts to a teamYes

Lifecycle behavior

Splunk On-Call uses a trigger-resolve lifecycle keyed on the incident, so state stays in sync with DevHelm:
DevHelm eventSplunk On-Call action
Incident createdTriggers an incident that follows your escalation policy
Incident resolvedAuto-resolves the corresponding incident
Incident reopenedTriggers a new incident

Troubleshooting

Confirm you used the REST endpoint API key, not a personal API token from SettingsAPI. The two are different credentials — only the REST endpoint key works with this integration. Then run devhelm alert-channels test <channel-id>.
The routing key must be mapped to a team with an active escalation policy. In SettingsRouting Keys, verify the key points to the right team, then check that team has an on-call schedule.