Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get ITSI Alerts based on KPIs from All Server Search?

SeanPLittle
Engager
‎01-29-2018 06:04 AM

I have just been pushed into the deep end of the Splunk pool and I need to figure something out.

I have ITSI and within it there is a Service that encompases all of my Server Entities.

Within that Service I have KPIs for Health, CPU, network, RAM, and Disk Utilization.

I would like to be able to get notifications from this service with a list of affected Entities contained in the email for the alerts.

Can I do that? How would I be able to do that?

Thanks!

Reply

ansif
Motivator
‎02-07-2018 04:13 AM

@SeanPLittle : It is easy,you need to create an aggregation policy under configure->notable_event_aggregation_policies

There you can group events and in action you can send mail or tickets or run a script etc...

https://docs.splunk.com/Documentation/ITSI/3.0.1/User/CreateAggregationPolicies

0 Karma
Reply

SeanPLittle
Engager
‎02-09-2018 09:46 AM

Yes but if I set up an aggregate policy I just get a notification that the CPU/RAM/Disk has triggered the alarm. I do not get which of my 1700 servers has triggered this alarm.

Anyway I can do that within the notification language maybe?

0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...