>rapid response for splunk® allow you to easily compose sophisticated real-time system-wide response applications and run them automatically whenever splunk alerts occurs. You compose a response app by ‘drawing’ its workflow using AppSymphony Web, and then assign that app to run as a splunk alert action.
AppSymphony Web is a rapid app composition platform that lets users ‘draw’ powerful information apps and run them in the cloud in minutes. AppSymphony provides the following core capabilities:
- Pure browser-based drag-drop-connect UI to compose apps – no coding
- Reusable apps saved/shared in repository
- Orchestrate / choreograph diverse information resources at all layers of the stack
You compose response applications using AppSymphony’s intuitive graphical workflow tool, and then use the >rapid response splunk plug-in to seamlessly configure an alert action to launch that response app. When the app runs, it reports its activities back to Splunk so you can monitor response progress using >rapid response‘s tracking dashboards.
The >rapid response Case
rapid response apps conduct all response activities within the context of unique recovery cases so that you can track and control all response operations right from within splunk itself. As a result, app workflows all follow the same pattern:
- open a unique response case
- report the results of each response action
- close the case when its done
We have captured this pattern in a template app (shown below) for you to reuse as often as you’d like. All you need to do is just drag/drop the response action component you need to get the job done, connect them into the template, and you’re ready to go.
Here is an example of a completed simple alert action workflow with the response actions filled in This app stops and restarts an AppSymphony Web instance. AppSymphony is a web app hosted in an Apache Tomcat container. So this app simply stops and starts Tomcat.
This video shows how quickly and easily you can compose this simple response workflow.
Response actions are provided through AppSymphony Web components, which you compose into response apps by drawing workflows. The power of >rapid response lies in the availability of components to take response actions at all layers of the information system stack. Initial components focus on the IT Operations solution area. The following table lists the major >rapid response component groups organized by splunk IT Service Intelligence Modules.
Subsequent >rapid response releases will include components for other solution areas such as application delivery, security and compliance, business analytics and internet-of-things.
AppSymphony also provides a wide range of lower-level general purpose information processing components that can be used to compose new response action components and apps.