AppDynamics Alerting Extension for use with Splunk


Use of custom actions for HTTP based integrations is no longer supported. Please look at HTTP Request Templates on how HTTP based integrations can be done. For sample HTTP templates, please check this article.

Use Case

Splunk indexes and makes searchable data from any app, server or network device in real time including logs, config files, messages, alerts, scripts and metrics.


  1. User needs to have edit_tcp permission to post events to Splunk

Installation Steps

  1. Find the zip file at ''

  2. Unzip the file into /custom/actions/ . You should have /custom/actions/splunk-alert created.

  3. Check if you have custom.xml file in /custom/actions/ directory. If yes, add the following xml to the element.

            <!-- For Linux/Unix *.sh -->
            <!-- For windows *.bat -->

    If you don't have custom.xml already, create one with the below xml content

            <!-- For Linux/Unix *.sh -->
            <!-- For windows *.bat -->

    Uncomment the appropriate executable tag based on windows or linux/unix machine.

Setting up config.yml file

A sample config.yml file is included in splunk-alert/conf

  1. Edit the config.yml file to add information that allows the Controller to communicate with Splunk.
        # Host at which Splunk is reachable
        host: localhost
        # Port at which Splunk is reachable
        # Use the admin port, which is 8089 by default.
        port: 8089
        # Splunk username
        username: admin
        # Splunk password, provide password or passwordEncrypted and encryptionKey.
        password: admin


        #Proxy server URI
        #Proxy server user name
        #Proxy server password

        #Index Name, should be available in Splunk
        index: appdynamics_events
        #Source Type
        sourceType: events

Note: An index with index name should be present in Splunk.


Password Encryption Support

To avoid setting the clear text password in the config.yml, please follow the process below to encrypt the password

   1. Download the util jar to encrypt the password from and navigate to the downloaded directory

   2. Encrypt password from the commandline java -cp appd-exts-commons-1.1.2.jar com.appdynamics.extensions.crypto.Encryptor encryptionKey myPassword

   3. Specify the passwordEncrypted and encryptionKey in config.yml


Installing Custom Actions:

To create a Custom Action, first refer to the the following topics (requires login):

Now you are ready to use this extension as a custom action. In the AppDynamics UI, go to Alert & Respond -> Actions. Click Create Action. Select Custom Action and click OK. In the drop-down menu you can find the action called 'splunk-alert'.



Always feel free to fork and contribute any changes directly here on GitHub.



For any questions or feature request, please contact AppDynamics Center of Excellence.






Splunk Version:

6.2.0, 6.3.2, 6.3.3

Last Update:

18th Mar 2018


Release Notes:

  • Version 3.7.2 (06/25/2014)

    1) Updated the splunk libraries to fix post custom event issue

  • Version 3.8.1 (08/07/2015)

    1) Added support to 4.x controller

  • Version 3.8.2 (11 Feb 2016)

    1) Fixed multiple ad_affected_entity_name in the posted event by adding ad_evaluation_entity_name

  • Version 3.9.0 (15 Mar 2016)

    1) Using Splunk REST API to post events and removed Splunk and Splunk logging libraries

    2) Replaced .splunkrc with the config.yml

  • Version 3.9.1 (25 Aug 2016)

    1) config clean up and proxy support

  • Version 3.9.2 (09 Sep 2016)

    1) added root logger in log4j.xml

Version 3.9.3 (18th March 2018) Updated Licenses