Alert

Amoreuser · ‎12-16-2024

Hello,

I just wanted to know more detailed information so I opened the case.

About Alert settings.

I set Threshold '90' , Trigger 'Immediately' and Alert when ' Above '

If the above settings are
Does the alarm occur from 90.1?

I remember in the beginning, if I set it to 90, it was registered as 89.

It's currently set up that way
I would like to know if an alert is occurring at 89.1.

In case an alarm occurs at 89.1,
I need to fix it as soon as possible

Please reply

Thank you !!!

PickleRick · ‎12-16-2024

What product/service are you talking about? Splunk Enterprise doesn't have the settings you describe. Is it Observability?

sainag_splunk · ‎12-16-2024

Hi @Amoreuser, Based on what you described, there seems to be an config issue in your alert setup. If your threshold is set to 90 but alerts are triggering at 89.1, you may want to check a few things: First, verify that your alert condition is exactly set to "Above" and not "Above or Equal". Second, take a look at your search query to make sure there's no unintended data processing affecting the values. If you're working with decimal values, you might want to add a round() function in your search to ensure more precise threshold control.

Could you share your search query so I can help identify the issue?

If this Helps, Please Upvote.

Alert

monitoring console

proactive Splunk component monitoring

Unleash Unified Security and Observability with Splunk Cloud Platform

Enterprise Security Content Update (ESCU) | New Releases

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!