I'd like to provide an option, either on the workflow actions menu or just a link/form in the UI, that takes information from an event (fields I choose) and allows for the creation of a future alert. The technical part would be:
Thoughts?
This capability is in the latest versions of Splunk. In v6, after running any search, there is a Save As menu just above the time picker, and Alert is an option. If you select this, it takes you through a wizard that lets you set options such as sending emails.