How to Add a Field for Entering Ticket Number and ...

vwilson3 · ‎04-20-2021

Hi. I'm very much a novice when it comes to dashboards. I have to create a dashboard that monitors our alerts. I have created this report to use to start with. I have to add a field where a ticket number can be entered for each tripped alert. Also, I have to add a drop down for each alert for the ticket status (i.e. New, WIP, Closed).

Here is my search string for the dashboard panel that shows our alerts:
index=_audit action=alert_fired
| eval _time=trigger_time
| convert timeformat="%+" ctime(_time) as trigger_time
| table trigger_time ss_name severity alert_actions sid
| eval severity = case(severity==1,"Informational",severity==2,"Low",severity==3,"Medium",severity==4,"High",severity==5,"Critical")
| rename trigger_time as "Alert Time:", ss_name as "Alert Name:", severity as "Alert Urgency:", alert_actions as "Alert Actions:", sid as "SID:"

I'm open to suggestions for a better way to do this. Please keep in mind that we cannot install any Splunk apps as we are in a multi-tenancy environment and do not own the Enterprise Splunk instance.

Any assistance is greatly appreciated!

How to Add a Field for Entering Ticket Number and Second Field for Selecting Status from Dropdown

panel

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms