
Hi,


I am new to PagerDuty so hoping the following question makes sense.


I have a Splunk alert triggering an incident in PagerDuty using the PagerDuty App for Splunk. PagerDuty correctly sends notifications by email, SMS, and phone call upon receiving those messages from Splunk.


Additionally, I am sending a custom JSON payload using the Custom Details section in the Splunk App. These Custom Details are received correctly in the incident message but the Custom Details are not used by PagerDuty to populate the corresponding Custom Fields.


Following is the Custom Details portion of the incident message received from Splunk:


    "custom_details": {
        "display_text": "Sample display text.",
        "severity": "CRITICAL",
        "source": "Sample source",
        "summary": "Sample summary."
    }

There also exist custom text fields defined in PagerDuty that correspond to each of these fields, named: display_text, severity, source, and summary.


However, the Custom Fields section of each incident remains blank (or populated with default values) and is never populated with the values found in the message received from Splunk.


I have tried modifying the format of the JSON data but nothing is working.


Can someone please help me understand what I’m doing wrong here, and help me correctly populate the Custom Details fields from a message sent using the PagerDuty App for Splunk?


Thank you,

Simon
