Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I be included in my cloud stack alerts?

WhitneySink
Splunk Employee
Splunk Employee
‎02-07-2022 01:18 PM

I have team members that receive notifications when our environment is undergoing maintenance.  Should I be getting those?  What is an Operational Contact and should I be added as one?

Labels (2)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

WhitneySink
Splunk Employee
Splunk Employee
‎02-07-2022 01:28 PM

Operational Contacts are a subgroup of Account Contacts who are notified when a Splunk Cloud environment undergoes maintenance or experiences a performance-impacting event.

Operational Contacts should be any Splunk Cloud end user who is affected by service downtime - this might include the IT and security teams as well as any users of the product. All of these contacts will receive notifications of planned and unplanned downtime, including scheduled maintenance window alerts and email updates related to incident-triggered cases.

To manage the Operational Contacts for your Cloud Stack, start by logging into your support portal, navigate to the "My Operational Contacts" section and follow the instructions.  If you need more assistance, you can visit:  https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Support_portal.

If you are still trying to determine if you should be an Operational Contact, it may be helpful to review examples of alert email subject lines to determine if these are the sort of messages you should or would want to receive:

Example subject line: alert_search_distributed_bundle_size_P2 on searchheadID.instanceName.splunkcloud.com is CRITICAL

Possible reason you would receive this message: Search bundle size has exceeded X% of the maxBundleSize limit defined on the Search Head or max_content_length on indexers

Example subject lineindexerID.instanceName.splunkcloud.com is DOWN
Possible reason you would receive this message: PING CRITICAL - Packet loss = 100%

Example subject line: Proactive alert notification
Possible reason you would receive this message: This alert may indicate a potential impact to your Search Head and we are investigating appropriately. We are proactively raising a case for your instance so our team may assist you with addressing any issues.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

WhitneySink
Splunk Employee
Splunk Employee
‎02-07-2022 01:28 PM

Operational Contacts are a subgroup of Account Contacts who are notified when a Splunk Cloud environment undergoes maintenance or experiences a performance-impacting event.

Operational Contacts should be any Splunk Cloud end user who is affected by service downtime - this might include the IT and security teams as well as any users of the product. All of these contacts will receive notifications of planned and unplanned downtime, including scheduled maintenance window alerts and email updates related to incident-triggered cases.

To manage the Operational Contacts for your Cloud Stack, start by logging into your support portal, navigate to the "My Operational Contacts" section and follow the instructions.  If you need more assistance, you can visit:  https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Support_portal.

If you are still trying to determine if you should be an Operational Contact, it may be helpful to review examples of alert email subject lines to determine if these are the sort of messages you should or would want to receive:

Example subject line: alert_search_distributed_bundle_size_P2 on searchheadID.instanceName.splunkcloud.com is CRITICAL

Possible reason you would receive this message: Search bundle size has exceeded X% of the maxBundleSize limit defined on the Search Head or max_content_length on indexers

Example subject lineindexerID.instanceName.splunkcloud.com is DOWN
Possible reason you would receive this message: PING CRITICAL - Packet loss = 100%

Example subject line: Proactive alert notification
Possible reason you would receive this message: This alert may indicate a potential impact to your Search Head and we are investigating appropriately. We are proactively raising a case for your instance so our team may assist you with addressing any issues.

0 Karma
Reply
Solved! Jump to solution

rkurapati
Splunk Employee
Splunk Employee
‎12-26-2022 06:37 PM

How can a user check if he/she has been set up as an Operational Contact on a Cloud Stack ?

0 Karma
Reply
Solved! Jump to solution

WhitneySink
Splunk Employee
Splunk Employee
‎04-18-2022 12:17 PM

Want more information?  Check out this short video on Operational Contacts!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...