Automated monitoring of splunk dashboards and alerts

sameerdeepu2000
Engager

Hi All, 

I am from an application production support team and we use splunk as our monitoring tool along with other tools. We use splunk primarily to get an understanding of the user actions via logs. 

We built some traditional dashboards and alerts to enhance our monitoring. We do our application health checks which include manually looking at splunk dashboards to see any spike in errors. 

I would like to automate this step where we check the dashboards and report if there are any queries on dashboards that are trending red, preferably by posting an RGB status to a Teams chat / email.

Any leads on how to build this solution are much appreciated.


inventsekar
SplunkTrust

Hi @sameerdeepu2000 ... you can create Splunk Alerts easily.. 

let me give you an example...

1) simply run a splunk search query (index=User_Custom_Index username=testUser  | stats count by username)

2) you can save that search query as an alert ..... ( just above the time-picker... "Save As"..choose "Alert" in the drop-down)

3) Splunk Alert gives you options to send email alerts.. for example.. if the count by a user is above 10, you can send email alert to your team DL. 

pls find doc link... https://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts


thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
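The steps above (run a threshold search, save it as an alert, notify the team) together with the original request for an RGB status posted to Teams can be wired up outside Splunk as well. The following is an added example, not code from the thread or from Splunk: it assumes a hypothetical list of health-check searches with AMBER/RED thresholds, runs them against the Splunk REST search export endpoint (deployment URL and token are assumptions), turns the counts into a GREEN/AMBER/RED status per dashboard panel, and builds the Office 365 connector MessageCard JSON that a Teams incoming webhook accepts. The counts in the demo at the bottom are constructed, so it runs offline.

```python
"""Turn Splunk health-check searches into an R/A/G status and a Teams card (added example)."""
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Hypothetical checks: one SPL search per dashboard panel plus the count at which
# the panel turns AMBER and RED. Index and field names are assumptions.
@dataclass(frozen=True)
class HealthCheck:
    name: str
    search: str
    amber: int
    red: int

CHECKS = [
    HealthCheck("login-errors", "search index=app_logs sourcetype=auth level=ERROR | stats count", amber=10, red=50),
    HealthCheck("http-5xx", "search index=web status>=500 | stats count", amber=20, red=100),
    HealthCheck("queue-backlog", "search index=app_logs component=queue | stats max(depth) as count", amber=500, red=2000),
]

# Hex RGB colours used for the card's accent bar (arbitrary choices).
COLOUR = {"GREEN": "2EB82E", "AMBER": "FFB300", "RED": "D13438"}
ORDER = {"GREEN": 0, "AMBER": 1, "RED": 2}


def classify(count: Optional[int], check: HealthCheck) -> str:
    """Map a count to a status. A missing count (search failed or returned
    nothing) is reported as AMBER so a broken check never reads as healthy."""
    if count is None:
        return "AMBER"
    if count >= check.red:
        return "RED"
    if count >= check.amber:
        return "AMBER"
    return "GREEN"


def overall_status(statuses: Dict[str, str]) -> str:
    """The worst individual status is the overall status."""
    return max(statuses.values(), key=ORDER.get, default="GREEN")


def fetch_count(base_url: str, token: str, search: str, earliest: str = "-15m") -> Optional[int]:
    """Run one search via Splunk's /services/search/jobs/export endpoint (newline-
    delimited JSON) and return the `count` field of the final result row.
    base_url and token are deployment-specific assumptions; not called in the demo."""
    body = urllib.parse.urlencode(
        {"search": search, "earliest_time": earliest, "output_mode": "json"}).encode()
    req = urllib.request.Request(f"{base_url}/services/search/jobs/export", data=body,
                                 headers={"Authorization": f"Bearer {token}"})
    count = None
    with urllib.request.urlopen(req, timeout=60) as resp:
        for line in resp:
            rec = json.loads(line)
            if "result" in rec and "count" in rec["result"]:
                count = int(rec["result"]["count"])
    return count


def build_teams_card(statuses: Dict[str, str], counts: Dict[str, Optional[int]]) -> dict:
    """Office 365 connector MessageCard: one fact per panel, colour bar = overall status."""
    worst = overall_status(statuses)
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "themeColor": COLOUR[worst],
        "summary": f"Application health: {worst}",
        "sections": [{
            "activityTitle": f"Health check: {worst}",
            "facts": [{"name": n, "value": f"{statuses[n]} (count={counts.get(n)})"} for n in statuses],
        }],
    }


def run_health_check(counts: Dict[str, Optional[int]]) -> Tuple[Dict[str, str], dict]:
    """Evaluate every check against the supplied counts (in production these come
    from fetch_count) and return the per-panel statuses plus the Teams payload."""
    statuses = {c.name: classify(counts.get(c.name), c) for c in CHECKS}
    return statuses, build_teams_card(statuses, counts)


if __name__ == "__main__":
    # Constructed sample counts standing in for live Splunk results.
    sample = {"login-errors": 3, "http-5xx": 25, "queue-backlog": 2500}
    status, card = run_health_check(sample)
    print(status)                      # {'login-errors': 'GREEN', 'http-5xx': 'AMBER', 'queue-backlog': 'RED'}
    print(json.dumps(card, indent=2))  # POST this JSON to the Teams incoming-webhook URL
```

To post the card, send the JSON with a `Content-Type: application/json` POST to the Teams incoming-webhook URL from whatever scheduler runs the script (cron, a Splunk scripted alert action, or a CI job). The same R/A/G mapping can also live inside Splunk itself by saving each search as an alert whose action is the built-in Webhook action; the script is only needed when one combined status for all panels is wanted rather than one alert per panel.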

sameerdeepu2000
Engager

Thanks @inventsekar. Apologies if my question was unclear, but we do have alerts and dashboards configured. What we want now is an automated health check in a simple RGB status which tells the status of dashboards and alerts.


PickleRick
SplunkTrust

Ok, but what would be the purpose of such check? What should it do?


sameerdeepu2000
Engager

The purpose of these dashboards is health checks. We manually check these dashboards to see if the errors are within the thresholds. If they breach, we check if there is any actual issue going on.
Though we have alerts configured, we do these checks manually 6 times a day, to ensure stability.

We would like to move away from manual checks and look for any automation options.


inventsekar
SplunkTrust

Generally speaking..

1) Alerts are created for monitoring a threshold and getting an email notification (or other tasks like incident creation, etc.)

2) Reports are created for daily/weekly/monthly report generation (generally on a large dataset) and emailing the reports.

3) Dashboards are created for viewing/checking/showcasing the current status of a search query/system.

So generally you will not require email notification from a dashboard. Hope you got it. Thanks.


As you are a new member, let me update you that, karma points / upvotes are appreciated by everybody. thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !