<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}</style><p><strong>In this guide we will cover:</strong></p><p><strong>- What is the Splunk Integration?</strong></p><p><strong>- Configuring and Integrating Splunk alerts</strong></p><p><strong>- Viewing Alerts from Splunk</strong></p><p><br></p><p><br></p><p><strong><span style="font-size: 14pt;">What is the Splunk Integration?</span></strong></p><p>The Splunk integration allows alerts in Splunk to automatically log tickets in Halo each time the alert is triggered, allowing technicians to be alerted to and manage Splunk alerts from within Halo. </p><p><br></p><p><strong><span style="font-size: 14pt;">Configuring and Integrating Splunk alerts<br></span></strong></p><p>To enable the Splunk integration in Halo, go to Configuration > Integrations, and enable the module. 
Once the module has been enabled, click into the module to begin configuring it.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEyZTA3ZDM3LTc4NTMtNGY3NS05Mjc5LTU0YmIzYWZmMWVmZiJ9.H6kUM21e6Jd0NJRqLmU-L4hrjC-1TJGEupaBole17-U" class="fr-fic fr-fil fr-dib" width="298" style="width: 300px; height: 160.843px;" height="161"></p><p><strong><span style="font-size: 10pt;">Fig 1. Enable integration module</span></strong></p><p><br></p><p>Initially, you will see some text detailing what needs to be appended to your Halo instance URL when configuring your webhooks in Splunk.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjQ4MTIzNGJmLTJmOTgtNDQzYS04ZDM0LTRkYjVmNzIwYjM1YSJ9.7tVQGpPsOAnOHsXWZaiGiYIAEDXCMdeXoTt6KniWOdM" class="fr-fic fr-fil fr-dib" width="1211" style="width: 1213px; height: 508.984px;" height="509"></p><p><strong><span style="font-size: 10pt;">Fig 2. Splunk integration setup page</span></strong></p><p><br></p><p>After this, there are three options. Choose the ticket type that you would like alerts from Splunk to be created as in Halo. Choose the end user that new tickets created from Splunk alerts are assigned to. You will then need to choose the webhook processing type.</p><p><br></p><p><strong>Webhook Processing Type</strong> - This field determines how the webhook from Splunk will be processed. </p><p><br></p><ul><li>Default alert processing - Choose this option when you would like all webhooks from Splunk to log tickets in Halo. When this option is selected you will be able to choose whether the webhook requires authentication or not. See the section 'Webhook Authentication' for more information on this. </li><li>Event management - Choose this option when you would like to manage incoming alerts/webhooks from Splunk using the event management functionality. 
Using the event management functionality allows you to manage which alerts log tickets using rules, as well as what alert data the ticket is populated with. For more information on our event management functionality see our article <a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/2305/" target="_blank" rel="noopener noreferrer"><strong>here</strong></a>. If you configure Splunk webhooks to post to the event management endpoint without selecting this option, the webhook will not be processed; this is due to how webhooks from Splunk are authenticated.</li></ul><p><strong>Webhook Authentication</strong></p><p>When Event Management is selected as the webhook processing type you can configure how the webhook is authenticated within the event management module. See our guide on event management for more information on this. </p><p><br></p><p>When the default alert processing method is selected as the processing type you will be able to choose the authentication method used for the webhook within the Splunk integration setup screen.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjA1N2Q0YjJjLWI1YTctNGI4Ni04ZWUyLThkODQyYTg2M2M4NCJ9.rb9dFFz2PWQzc2SKzceQu5-dbNVugts58d-SBW_sUx8" class="fr-fic fr-fil fr-dib" width="616" style="width: 618px; height: 229.156px;" height="229"></p><p><strong><span style="font-size: 10pt;">Fig 3. Webhook authentication options</span></strong></p><p><br></p><p id="isPasted"><strong>Use a token query parameter </strong>- When this option is selected you will need to generate a token for the webhook created in Splunk, then enter this token in the 'token' field in Halo. You will also need to include this token as a parameter in the webhook URL; this parameter is checked by the Halo API before the webhook is processed. This prevents any other webhooks sent to this endpoint from being processed, adding an additional layer of security. 
</p><p><strong>No authentication </strong>- When this option is selected, no webhook authentication takes place and a token for the webhook does not need to be generated, but this is a less secure method. </p><p><br></p><p><br></p><p>Once you have completed these fields on the configuration page you will need to head into Splunk and begin configuring a webhook. </p><p><br></p><p><strong><span style="font-size: 12pt;">Create Webhook for Splunk Alert </span></strong></p><p>First you will need to create an alert in Splunk for a chosen event; this is done within the Search and Reporting app. Complete a search with your desired criteria (this is the criteria that will trigger the alert when met), then click Save As > Alert in the top right corner. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImVkODVjMjVhLTI4YmYtNDk5MC1hYjAwLTkyMzk0ZjFmNDU1ZSJ9.TzYZ4r2b6Iz5Qp3LEgrqyWAX-c5Kj861YWXL179qqyw" class="fr-fic fr-fil fr-dib" width="1004" style="width: 1006px; height: 448.141px;" height="448"></p><p><strong><span style="font-size: 10pt;">Fig 4. Alert criteria in Splunk</span></strong></p><p><br></p><p>Now you will be able to configure the alert in Splunk, giving it a name, schedule and conditions. You can configure the alert to your preferences, but the alert must be 'Shared in App' to have permission to create an alert in Halo.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQwNDU1Mjk4LWNjZWUtNDRjZi04NTlkLTJjNDI5NzFiMmM3MCJ9.Wo1_Rv3fh84P6_VIgc1vuA7sWof6l6bJm3iplY19NSA" class="fr-fic fr-fil fr-dib" width="616" style="width: 618px; height: 505.914px;" height="506"></p><p><strong><span style="font-size: 10pt;">Fig 5. Alert configuration in Splunk</span></strong></p><p><br></p><p>Add a trigger action to the alert and set this to be 'Webhook'. 
</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImU2MGEwMjU4LWE2ZWUtNDcxZS05OGZiLWI2MmJjODY2MGYyOCJ9.4H8_155rnSgAnqoOqJlJ7g7xG7yW8JAdhhJGVQacUUE" class="fr-fic fr-fil fr-dib" width="851" style="width: 853px; height: 470.215px;" height="470"></p><p><strong><span style="font-size: 10pt;">Fig 6. Webhook trigger action on alert</span></strong></p><p><br></p><p><strong>If you are using the default alert processing type:</strong> In the URL for the webhook enter your Halo URL appended with "/api/notify". This should follow the format: <a data-fr-linked="true" href="https://YOURHALODOMAIN.co.uk/api/notify" id="isPasted">https://YOURHALODOMAIN.co.uk/api/notify</a></p><p><br></p><p><strong>If you are using Event Management processing for the webhook: </strong>In the URL for the webhook enter your Halo URL appended with "/api/incomingevent/process". This should follow the format: <a data-fr-linked="true" href="https://YOURHALODOMAIN.co.uk/api/incomingevent/process" id="isPasted">https://YOURHALODOMAIN.co.uk/api/incomingevent/process</a></p><p><br></p><p>Now you can save the alert. </p><p><br></p><p>Before the alert can be posted to Halo you will need to add the URL used for the webhook to the webhook allow list in Splunk. This can be found under Settings > Server settings. For more information on adding/removing URLs to Splunk's webhook allow list see their guide here: <a data-fr-linked="true" href="https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Admin/ConfigureWebhookAllowList" id="isPasted">https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Admin/ConfigureWebhookAllowList</a></p><p><br></p><p><strong><em>Note: If you are on a trial version of Splunk you will not have access to the webhook allow list. </em></strong></p><p><br></p><p>If you are using the default processing method your setup is complete. 
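</p><p>The token query parameter option and the two endpoint URLs above, as an added example that is not Halo's or Splunk's code: a small Python stand-in for the receiving side, showing how the token in the webhook URL is what separates a request that should log a ticket from one that should be dropped, and what the 'No authentication' option gives up. The receiver's behaviour on "/api/notify" (accept only when the 'token' query parameter matches, compared in constant time), the function names, the payload shape and every sample value are assumptions made for illustration; only the two endpoint paths and the placeholder domain come from this guide.</p>

```python
"""Added illustration, not Halo's or Splunk's code.

Models the 'Use a token query parameter' option on Halo's /api/notify endpoint
and the two webhook URL formats from the guide. Receiver behaviour, payload
shape and sample values are assumptions made for this example.
"""
import hmac
import json
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# The two endpoint paths named in the guide, keyed by processing type.
ENDPOINTS = {"default": "/api/notify", "event": "/api/incomingevent/process"}


def generate_token() -> str:
    """Token to enter in Halo's 'token' field and to add to the Splunk webhook URL."""
    return secrets.token_urlsafe(32)


def build_webhook_url(halo_base: str, processing: str, token: Optional[str] = None) -> str:
    """Build the URL for the Splunk webhook trigger action.

    For default processing the token travels as a query parameter; for event
    management, authentication is configured in that module, so no token is added.
    """
    parts = urlsplit(halo_base)
    query = urlencode({"token": token}) if token else ""
    return urlunsplit((parts.scheme, parts.netloc, ENDPOINTS[processing], query, ""))


def check_token(url: str, expected: Optional[str]) -> bool:
    """Receiver-side check (assumed behaviour of the token query parameter option).

    expected=None models the 'No authentication' option: anything posted here is
    processed, so any party that can reach the endpoint can open tickets.
    """
    if expected is None:
        return True
    supplied = parse_qs(urlsplit(url).query).get("token", [""])[0]
    # Constant-time comparison so a wrong token cannot be guessed byte by byte.
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample body in the shape Splunk's webhook action posts; not a real capture.
SAMPLE_PAYLOAD = json.dumps({
    "sid": "scheduler__admin__search__EXAMPLE_at_1700000000_1",
    "search_name": "Failed logins over threshold",
    "app": "search",
    "owner": "admin",
    "results_link": "https://splunk.example/app/search/@go?sid=EXAMPLE",
    "result": {"user": "svc_backup", "count": "27"},
})


def process_webhook(url: str, body: str, expected_token: Optional[str]) -> dict:
    """Return the ticket fields a webhook would produce, or a rejection.

    The token check runs before the body is parsed, mirroring the guide's
    statement that the parameter is checked before the webhook is processed.
    """
    if not check_token(url, expected_token):
        return {"accepted": False, "reason": "missing or wrong token"}
    alert = json.loads(body)
    return {
        "accepted": True,
        "summary": alert["search_name"],
        "results_link": alert["results_link"],  # what the 'view results' link points at
        "details": alert["result"],
    }


if __name__ == "__main__":
    token = generate_token()
    good = build_webhook_url("https://YOURHALODOMAIN.co.uk", "default", token)
    print(good)
    print(process_webhook(good, SAMPLE_PAYLOAD, token))
    print(process_webhook("https://YOURHALODOMAIN.co.uk/api/notify", SAMPLE_PAYLOAD, token))
```

<p>Running the block prints the webhook URL you would paste into the Splunk trigger action, an accepted alert, and a rejection for the same body posted without the token. Keep the token out of dashboards and screenshots: it sits in the URL, so anyone who can read the Splunk alert configuration or proxy logs for that URL can replay requests to the endpoint.</p><p>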
</p><p><br></p><p>If you are using the event management processing method you will need to configure event rules for the alert, the alert must meet configured criteria in order for a ticket to be logged. See our <a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/2305/" id="isPasted" target="_blank" rel="noopener noreferrer"><strong>event management</strong></a> guide for information on how to configure event rules. </p><p><br></p><p><strong><span style="font-size: 14pt;">Viewing Alerts from Splunk</span></strong></p><p>Once the integration has been configured, and a new ticket has been created from a Splunk alert, it is possible to load the results of the Splunk Search that raised the alert from the ticket. If you open any ticket created from a Splunk alert, under "Ticket Details" you will see an option for Splunk search results:</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFhODMyN2I5LWIwNjctNDA3OS04ZGFlLTI2YjE4ODYxYTRlNSJ9.JlDMgDdmP6eDkLz_ZJ7iAcMmSjLkZRn2eX7fDoTA7aQ" class="fr-fic fr-dii" style="width: 1214px; height: 371.614px;" width="1212" height="372"></p><p><strong><span style="font-size: 10pt;">Fig 7. Ticket logged from Splunk alert</span></strong></p><p><br></p><p>Clicking the “view results” hyperlink will open up Splunk in a new tab directly on the results page of the corresponding search that raised the alert.</p>