Create a Dashboard With a List of Alerts or Report...

SplunkLunk · ‎08-13-2019

So according to our admins there isn't an easy way to nest alerts on the "Alerts" page. I have a number of departmental alerts and I just have to keep scrolling down to get to some of them. I start each alert using a naming convention so they are grouped on the page, but it's annoying to scroll through dozens of alerts. Is there a way to create a dashboard I can lump each area's alerts into a panel that I can click on? So alerts for "Marketing" in one panel. Alerts for "IT" in another panel. It would just be easier for me to navigate alerts for specific areas that way. Thanks.

mayurr98 · ‎08-13-2019

Try this search : | rest /services/saved/searches | table title

<dashboard>
  <label>test1</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| rest /services/saved/searches | table title</query>
          <earliest>0</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <drilldown>
          <link target="_blank">alert?s=%2FservicesNS%2Fnobody%app_name%2Fsaved%2Fsearches%2F$click.value$</link>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>

This will give you list of all saved searches which you can point to specific alert using dashboard drilldown.

The drilldown is

<link target="_blank">alert?s=%2FservicesNS%2Fnobody%app_name%2Fsaved%2Fsearches%2F$click.value$</link>

You need to find the link and paste it.

Create a Dashboard With a List of Alerts or Reports

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms