Create a dashboard when an alert is triggered?

simomo · ‎05-03-2021

Use case: detect outliers

Alert is triggered when an outlier is detected. For now I can send an email containing some information from this trigger.

How I want to do a dashboard including the past data and detected outlier when this outlier is found.

I am not sure of the workflow. There is no option of dashboard when sending the alert through email.

Does it means that I have to save the alert result into an lookup file and schedule another dashboarding?

The dashboard itself can only be scheduled in terms of time. I can do it and then use where to find if there is an outlier. If yes, there is no way to send an alert.

How should I do it?

ITWhisperer · ‎05-03-2021

Presumably, the alert is based on the results of a search with particular time parameters. Can you reproduce the search in a dashboard with tokens for the time range. Then you can call this dashboard with the time range token values based on the alert.

simomo · ‎05-03-2021

Can you explain more detailedly about the tokens?

Yes the alert is based on scheduled search and only alert when a condition is met (result>0). How do I automate this token and activate the dashboard?

Create a dashboard when an alert is triggered?

other

.conf23 Registration is Now Open!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control