Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to get ITSI Alerts based on KPIs from All Server Search?

SeanPLittle
Engager
‎01-29-2018 06:04 AM

I have just been pushed into the deep end of the Splunk pool and I need to figure something out.

I have ITSI and within it there is a Service that encompases all of my Server Entities.

Within that Service I have KPIs for Health, CPU, network, RAM, and Disk Utilization.

I would like to be able to get notifications from this service with a list of affected Entities contained in the email for the alerts.

Can I do that? How would I be able to do that?

Thanks!

Reply

ansif
Motivator
‎02-07-2018 04:13 AM

@SeanPLittle : It is easy,you need to create an aggregation policy under configure->notable_event_aggregation_policies

There you can group events and in action you can send mail or tickets or run a script etc...

https://docs.splunk.com/Documentation/ITSI/3.0.1/User/CreateAggregationPolicies

0 Karma
Reply

SeanPLittle
Engager
‎02-09-2018 09:46 AM

Yes but if I set up an aggregate policy I just get a notification that the CPU/RAM/Disk has triggered the alarm. I do not get which of my 1700 servers has triggered this alarm.

Anyway I can do that within the notification language maybe?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...