Alerting

How can I be included in my cloud stack alerts?

WhitneySink
Splunk Employee

I have team members that receive notifications when our environment is undergoing maintenance.  Should I be getting those?  What is an Operational Contact and should I be added as one?


WhitneySink
Splunk Employee

Operational Contacts are a subgroup of Account Contacts who are notified when a Splunk Cloud environment undergoes maintenance or experiences a performance-impacting event.

Operational Contacts should be any Splunk Cloud end user who is affected by service downtime - this might include the IT and security teams as well as any users of the product. All of these contacts will receive notifications of planned and unplanned downtime, including scheduled maintenance window alerts and email updates related to incident-triggered cases.

To manage the Operational Contacts for your Cloud Stack, start by logging into your support portal, then navigate to the "My Operational Contacts" section and follow the instructions. If you need more assistance, you can visit: https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Support_portal.

If you are still trying to determine if you should be an Operational Contact, it may be helpful to review examples of alert email subject lines to determine if these are the sort of messages you should or would want to receive:

Example subject line: alert_search_distributed_bundle_size_P2 on searchheadID.instanceName.splunkcloud.com is CRITICAL

Possible reason you would receive this message: Search bundle size has exceeded X% of the maxBundleSize limit defined on the Search Head or max_content_length on indexers

Example subject line: indexerID.instanceName.splunkcloud.com is DOWN
Possible reason you would receive this message: PING CRITICAL - Packet loss = 100%

Example subject line: Proactive alert notification
Possible reason you would receive this message: This alert may indicate a potential impact to your Search Head and we are investigating appropriately. We are proactively raising a case for your instance so our team may assist you with addressing any issues.


WhitneySink
Splunk Employee

Want more information?  Check out this short video on Operational Contacts!
