Other Usage
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to create alert based on Splunk Dashboard Studio indicators?

Amit79
Loves-to-Learn Everything
‎06-20-2023 01:46 PM

I have below Splunk query which calculates SLI  but I need to create the alert to support group if the SLI values falls below 95 can someone please help me with that? 

SLI I am calculating based on events and how can I generate the alerts when I am tiring this I am not getting Alerts option on to Splunk, appreciate help on this

(index=idx_re2eeur0_v5 host=mpllnx0432 EVENT_GROUP="SHIPMENT" SOURCE_SYSTEM="IIB" TARGET_SYSTEM="GGX" EVENT_MSG="Send a ZLIDCTR*" COMPONENTNAME="RNATLL05")
OR (index=idx_re2eeur0_v5 host=* EVENT_GROUP="SHIPPED" SOURCE_SYSTEM="WMB" TARGET_SYSTEM="SDS" EVENT_MSG="Tech Ack OK received*" COMPONENTNAME="RNATLL05")
| rex field=NATIVEID "...\S...\S(?<DeliveryID>\d+)\/"
| rex field=_raw "\"nativeID\":\"(?<DeliveryID>\d+)\S"
| transaction DeliveryID startswith="Send a ZLIDCTR*" endswith="Tech Ack OK received*"
| stats count as valid_events count(eval(duration<180)) as good_events avg(duration) as averageDuration
| eval sli=round((good_events/valid_events) * 100, 2)
| stats count | where sli < 95

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 01:22 AM

@Amit79 

  • Run this as a search query on the Splunk Search page.
  • Save -> Save as Alert
  • And then set all crieterias as you need it.

 

Reference - https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html 

 

I hope this helps!!!!

 

0 Karma
Reply

Amit79
Loves-to-Learn Everything
‎06-21-2023 09:57 AM

Thank you, I have another question, do you any references or samples to create ticket in servicenow using ITSI plugin, I also need to create if thresholds are breaching

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 11:14 AM

I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now - https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow

 

Also, I know Service Now Add-on itself can create a SNOW ticket with an alert - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions

 

I hope this helps!!! Kindly upvote if it does!!!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...