Could you setup Splunk to generate an e-mail off the alert and then have that e-mail open the defect in Rally?
I found this on GitHub that opens defects or user stories in Rally (depending on whether 'defect' is at the start of the email subject) but there may be other ways to accomplish this in Rally today as it looks like it's 4 years old.
That'd be the route I'd take to try and accomplish what I think you're looking for. Hope this helps.
Jacob
... View more