Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Automated monitoring of splunk dashboards and alerts

sameerdeepu2000
Engager
‎10-06-2023 06:59 PM

Hi All, 

I am from an application production support team and we use splunk as our monitoring tool along with other tools. We use splunk primarily to get an understanding of the user actions via logs. 

We built some traditional dashboards and alerts to enhance our monitoring. We do our application health checks which include manually looking at splunk dashboards to see any spike in errors. 

I would like to automate this step where we check the dashboards and report them if there are any queries on dashboards that are trending red. Preferably post a RGB status on teams chat / email

Any leads on how to build this solution is much appreciated.

Labels (1)
Labels
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-06-2023 11:02 PM

Hi @sameerdeepu2000 ... you can create Splunk Alerts easily.. 

let me give you an example...

1) simply run a splunk search query (index=User_Custom_Index username=testUser  | stats count by username)

2) you can save that search query as as alert ..... ( just above the time-picker... "Save As"..choose "Alert" in the drop-down)

3) Splunk Alert gives you options to send email alerts.. for example.. if the count by a user is above 10, you can send email alert to your team DL. 

pls find doc link... https://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts

 

0 Karma
Reply

sameerdeepu2000
Engager
‎10-06-2023 11:39 PM

Thanks @inventsekar . Apologies if my question was unclear but we do have alerts and dashboards configured. What we want now is automated health check in a simple RGB status which tells status of dashboards and alerts. 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-07-2023 12:29 AM

Ok, but what would be the purpose of such check? What should it do?

0 Karma
Reply

sameerdeepu2000
Engager
‎10-07-2023 12:32 AM

The purpose of these dashboards are health checks. We do manually check these dashboards to see if the errors are within the thresholds. If they breach, we check if there is any actual issue going on. 
Though we have alerts configured, we do these checks manually 6 times a day, to ensure stability. 

we would like to move away manual checks and see for any automation options 

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-07-2023 09:26 PM

Generally speaking..

1) Alerts are created for monitoring a threshold and get email notification (or other tasks like incident creation, etc)

2) Reports are created for daily/weekly/monthly reports generation(generally on a large dataset) and email the reports. 

3) Dashboards are created for viewing/checking/showcasing the current status of a search query/system. 

So generally you will not required email notification from dashboard. hope you got it. thanks. 

 

As you are a new member, let me update you that, karma points / upvotes are appreciated by everybody. thanks. 

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...