health check for rules

Path Finder

I have a lot of different alerts on our Splunk. After every upgrade or change on Splunk we just want to check if our alerts work well or not.

How can we ensure the quality of the alerts? How can we report if our alerts work properly as planned?





You will need to inject data into Splunk that will trigger your alerts.  The data should also make it clear it is for test purposes so as to avoid causing alarm.

If this reply helps you, an upvote would be appreciated.
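
One way to do what the answer above describes, as an added example that is not part of the original thread: build clearly marked test events per alert and send them to Splunk's HTTP Event Collector. The HEC URL, token, index, sourcetype, alert names and event fields are all placeholders or constructed samples; shape them to match what your own alert searches look for.

```python
import json
import time
import urllib.request
import uuid

# Assumed placeholders, not values from the thread.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"
TEST_MARKER = "ALERT_HEALTHCHECK"  # makes every injected event identifiable as a test

# Constructed sample events, one list per alert under test (hypothetical alert names).
TEST_CASES = {
    "Brute force logins": [{"action": "failure", "user": "healthcheck_user", "src": "192.0.2.10"}] * 6,
    "New admin account": [{"action": "created", "user": "healthcheck_admin", "role": "admin"}],
}

def build_payload(alert_name, events, run_id, index="main", sourcetype="healthcheck:test", now=None):
    """Return an HEC batch body: one JSON object per event, newline-separated."""
    now = time.time() if now is None else now
    lines = []
    for offset, event in enumerate(events):
        # Tag each event so analysts and reports can tell it is test data.
        body = dict(event, test_marker=TEST_MARKER, test_run_id=run_id, test_alert=alert_name)
        lines.append(json.dumps({
            "time": round(now + offset, 3),  # spread events one second apart
            "index": index,
            "sourcetype": sourcetype,        # must match what the alert search reads
            "event": body,
        }))
    return "\n".join(lines)

def send(payload):
    """POST a batch to HEC and return its JSON reply."""
    req = urllib.request.Request(
        HEC_URL, data=payload.encode(),
        headers={"Authorization": f"Splunk {HEC_TOKEN}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def run_all(sender=send):
    """Inject the test events for every alert under one run id."""
    run_id = uuid.uuid4().hex
    results = {name: sender(build_payload(name, evs, run_id)) for name, evs in TEST_CASES.items()}
    return run_id, results

if __name__ == "__main__":
    print(run_all())
```

The `test_run_id` value lets you find a given run's events afterwards and tie any triggered alert back to that run.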