Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Documenting incidents/outages

jamesklassen
Path Finder
‎01-31-2012 11:30 AM

Splunk generates alerts, for example if a server fails to ping or isn't running required services. Is it possible to manually add information to incidents tripped in Splunk's alert manager, in order to correlate Splunk alerts with incident or outage information?

Tags (1)
Reply

jamesklassen
Path Finder
‎01-31-2012 12:05 PM

If we have an alert, I would like for one of our admins to be required to document exactly what happened. Could tags be used for that?

Reply

piebob
Splunk Employee
Splunk Employee
‎01-31-2012 11:46 AM

not completely sure what your situation is, but you could tag the events involved in the alert via Splunk Web. then you can search on the tags for future analysis. you could define standard tags for different incidents or outages, or even for certain types of incidents and outages for use in future situations.

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Abouttagsandaliases

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...