Other Usage
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create alert based on Splunk Dashboard Studio indicators?

Amit79
Loves-to-Learn Everything
‎06-20-2023 01:46 PM

I have below Splunk query which calculates SLI  but I need to create the alert to support group if the SLI values falls below 95 can someone please help me with that? 

SLI I am calculating based on events and how can I generate the alerts when I am tiring this I am not getting Alerts option on to Splunk, appreciate help on this

(index=idx_re2eeur0_v5 host=mpllnx0432 EVENT_GROUP="SHIPMENT" SOURCE_SYSTEM="IIB" TARGET_SYSTEM="GGX" EVENT_MSG="Send a ZLIDCTR*" COMPONENTNAME="RNATLL05")
OR (index=idx_re2eeur0_v5 host=* EVENT_GROUP="SHIPPED" SOURCE_SYSTEM="WMB" TARGET_SYSTEM="SDS" EVENT_MSG="Tech Ack OK received*" COMPONENTNAME="RNATLL05")
| rex field=NATIVEID "...\S...\S(?<DeliveryID>\d+)\/"
| rex field=_raw "\"nativeID\":\"(?<DeliveryID>\d+)\S"
| transaction DeliveryID startswith="Send a ZLIDCTR*" endswith="Tech Ack OK received*"
| stats count as valid_events count(eval(duration<180)) as good_events avg(duration) as averageDuration
| eval sli=round((good_events/valid_events) * 100, 2)
| stats count | where sli < 95

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 01:22 AM

@Amit79 

  • Run this as a search query on the Splunk Search page.
  • Save -> Save as Alert
  • And then set all crieterias as you need it.

 

Reference - https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html 

 

I hope this helps!!!!

 

0 Karma
Reply

Amit79
Loves-to-Learn Everything
‎06-21-2023 09:57 AM

Thank you, I have another question, do you any references or samples to create ticket in servicenow using ITSI plugin, I also need to create if thresholds are breaching

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 11:14 AM

I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now - https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow

 

Also, I know Service Now Add-on itself can create a SNOW ticket with an alert - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions

 

I hope this helps!!! Kindly upvote if it does!!!

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...