Alerting

How can I be included in my cloud stack alerts?

WhitneySink
Splunk Employee

I have team members that receive notifications when our environment is undergoing maintenance.  Should I be getting those?  What is an Operational Contact and should I be added as one?

1 Solution

WhitneySink
Splunk Employee

Operational Contacts are a subgroup of Account Contacts who are notified when a Splunk Cloud environment undergoes maintenance or experiences a performance-impacting event.

Operational Contacts should be any Splunk Cloud end user who is affected by service downtime - this might include the IT and security teams as well as any users of the product. All of these contacts will receive notifications of planned and unplanned downtime, including scheduled maintenance window alerts and email updates related to incident-triggered cases.

To manage the Operational Contacts for your Cloud Stack, start by logging into your support portal, then navigate to the "My Operational Contacts" section and follow the instructions. If you need more assistance, you can visit: https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Support_portal.

If you are still trying to determine if you should be an Operational Contact, it may be helpful to review examples of alert email subject lines to determine if these are the sort of messages you should or would want to receive:

Example subject line: alert_search_distributed_bundle_size_P2 on searchheadID.instanceName.splunkcloud.com is CRITICAL

Possible reason you would receive this message: Search bundle size has exceeded X% of the maxBundleSize limit defined on the Search Head or max_content_length on indexers

Example subject line: indexerID.instanceName.splunkcloud.com is DOWN
Possible reason you would receive this message: PING CRITICAL - Packet loss = 100%

Example subject line: Proactive alert notification
Possible reason you would receive this message: This alert may indicate a potential impact to your Search Head and we are investigating appropriately. We are proactively raising a case for your instance so our team may assist you with addressing any issues.


0 Karma


rkurapati
Splunk Employee

How can a user check if he/she has been set up as an Operational Contact on a Cloud Stack?

0 Karma

WhitneySink
Splunk Employee

Want more information?  Check out this short video on Operational Contacts!

0 Karma