https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647836#M799 <P>I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now -&nbsp;<A href="https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow" target="_blank">https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow</A></P><P>&nbsp;</P><P>Also, I know Service Now Add-on itself can create a SNOW ticket with an alert -&nbsp;<A href="https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions" target="_blank">https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions</A></P><P>&nbsp;</P><P>I hope this helps!!! Kindly upvote if it does!!!</P> Wed, 21 Jun 2023 18:14:24 GMT VatsalJagani 2023-06-21T18:14:24Z https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647682#M796 <P>I have below Splunk query which calculates SLI&nbsp; but I need to create the alert to support group if the SLI values falls below 95 can someone please help me with that?&nbsp;</P> <P>SLI I am calculating based on events and how can I generate the alerts when I am tiring this I am not getting Alerts option on to Splunk, appreciate help on this</P> <P>(index=idx_re2eeur0_v5 host=mpllnx0432 EVENT_GROUP="SHIPMENT" SOURCE_SYSTEM="IIB" TARGET_SYSTEM="GGX" EVENT_MSG="Send a ZLIDCTR*" COMPONENTNAME="RNATLL05")<BR />OR (index=idx_re2eeur0_v5 host=* EVENT_GROUP="SHIPPED" SOURCE_SYSTEM="WMB" TARGET_SYSTEM="SDS" EVENT_MSG="Tech Ack OK received*" COMPONENTNAME="RNATLL05")<BR />| rex field=NATIVEID "...\S...\S(?&lt;DeliveryID&gt;\d+)\/"<BR />| rex field=_raw "\"nativeID\":\"(?&lt;DeliveryID&gt;\d+)\S"<BR />| transaction DeliveryID startswith="Send a ZLIDCTR*" endswith="Tech Ack OK received*"<BR />| stats count as valid_events count(eval(duration&lt;180)) as good_events avg(duration) as averageDuration<BR />| eval sli=round((good_events/valid_events) * 100, 2)<BR />| stats count | where sli &lt; 95</P> Tue, 20 Jun 2023 22:36:36 GMT https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647682#M796 Amit79 2023-06-20T22:36:36Z https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647725#M797 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/257948">@Amit79</a>&nbsp;</P><UL><LI>Run this as a search query on the Splunk Search page.</LI><LI>Save -&gt; Save as Alert</LI><LI>And then set all crieterias as you need it.</LI></UL><P>&nbsp;</P><P>Reference -&nbsp;<A href="https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html" target="_blank">https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html</A>&nbsp;</P><P>&nbsp;</P><P>I hope this helps!!!!</P><P>&nbsp;</P> Wed, 21 Jun 2023 08:22:33 GMT https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647725#M797 VatsalJagani 2023-06-21T08:22:33Z https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647831#M798 <P>Thank you, I have another question, do you any references or samples to create ticket in servicenow using ITSI plugin, I also need to create if thresholds are breaching</P> Wed, 21 Jun 2023 16:57:51 GMT https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647831#M798 Amit79 2023-06-21T16:57:51Z https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647836#M799 <P>I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now -&nbsp;<A href="https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow" target="_blank">https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow</A></P><P>&nbsp;</P><P>Also, I know Service Now Add-on itself can create a SNOW ticket with an alert -&nbsp;<A href="https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions" target="_blank">https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions</A></P><P>&nbsp;</P><P>I hope this helps!!! Kindly upvote if it does!!!</P> Wed, 21 Jun 2023 18:14:24 GMT https://community.splunk.com/t5/Other-Usage/How-to-create-alert-based-on-Splunk-Dashboard-Studio-indicators/m-p/647836#M799 VatsalJagani 2023-06-21T18:14:24Z