Skip to main content


Splunk Lantern

Configuring the Splunk On-Call integration with IT Service Intelligence


An incident is a problem, represented by an alert, that could negatively impact customers, your employees, and the stakeholders inside or outside of your organization. Your company uses Splunk ITSI to normalize, correlate, group related alerts, and generate incident notifications. Now, you want these critical notifications sent to Splunk On-Call to quickly get those actionable ITSI episodes to the right teams so they can resolve problems.

This article is part of the Splunk Use Case Explorer for Observability, which is designed to help you identify and implement prescriptive use cases that drive incremental business value. It explains the solution using a fictitious example company, called CSCorp, that hosts a cloud native application called Online Boutique. In the AIOps lifecycle described in the Use Case Explorer, this article is part of Notification.


Splunk ITSI can send actionable ITSI episodes into Splunk On-Call to achieve fast and efficient incident resolution with reduced downtime. 

  1. Download, install and configure the Splunk On-Call (VictorOps) app.
    1. Set up your account.
    2. Set up the alert API key and enable the integration with Splunk ITSI.
    3. Set up the data API keys and activate the API.
    4. Send a test alert.
  2. Validate the integration.

Watch this video to see how you can configure the four parts of the integration.

Next steps

Still having trouble? Splunk has many resources available to help get you back on track.