Alert

Amoreuser

Hello,

I just wanted to know more detailed information so I opened the case.

About Alert settings.

I set Threshold '90' , Trigger 'Immediately' and Alert when ' Above '

If the above settings are
Does the alarm occur from 90.1?

I remember in the beginning, if I set it to 90, it was registered as 89.

It's currently set up that way
I would like to know if an alert is occurring at 89.1.

In case an alarm occurs at 89.1,
I need to fix it as soon as possible

Please reply

Thank you !!!

PickleRick

What product/service are you talking about? Splunk Enterprise doesn't have the settings you describe. Is it Observability?

sainag_splunk

Hi @Amoreuser, Based on what you described, there seems to be an config issue in your alert setup. If your threshold is set to 90 but alerts are triggering at 89.1, you may want to check a few things: First, verify that your alert condition is exactly set to "Above" and not "Above or Equal". Second, take a look at your search query to make sure there's no unintended data processing affecting the values. If you're working with decimal values, you might want to add a round() function in your search to ensure more precise threshold control.

Could you share your search query so I can help identify the issue?

If this Helps, Please Upvote.

Alert

monitoring console

other

proactive Splunk component monitoring

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?