Dashboards & Visualizations

Is there a way of making an Alert condition configurable so a user can modify a threshold on a dashboard?

SwatiApte
Path Finder

We have used a Search string in the Alert condition, which triggers an Alert if some count goes beyond a particular threshold, say 50. What should be done if we want a User to be able to modify this threshold manually, via a Dashboard? Can a token from a Dashboard be passed to an Alert condition?

0 Karma
1 Solution

PPape
Contributor

I have done this with an lookup file.

created it in the dashboard via | outputlookup and used the | inputlookup in the alert search.

View solution in original post

PPape
Contributor

I have done this with an lookup file.

created it in the dashboard via | outputlookup and used the | inputlookup in the alert search.

SwatiApte
Path Finder

Using a look-up though, is it possible to keep a track of all modifications to the thresholds?

0 Karma

MuS
Legend

use summary indexes for this or be patient.....there will be an awesome app available which can handle such things 😉

0 Karma

SwatiApte
Path Finder

Haha 🙂 Hmm...summary index is another great option, thanks..!

0 Karma

markthompson
Builder

Hey SwatiApte, using output input lookup tables simply creates a CSV file which, if you wanted to you could input and then display in a table.
What Ppape is saying is if you create the dashboard and the alert, but set the alert to input the CSV and get the latest value from it.

0 Karma

SwatiApte
Path Finder

Thanks Mark, what I meant was, using an Output Look-up, we are creating (or replacing) a CSV file each time the User modifies a threshold using an Input on the dashboard, so is there no way I could keep a track of what modifications were made to the look-up file and by whom?

  • Swati
0 Karma

SwatiApte
Path Finder

Oh okay, perfect! Thanks!

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...