Other Usage

How to create alert based on Splunk Dashboard Studio indicators?

Amit79
Loves-to-Learn Everything

I have below Splunk query which calculates SLI  but I need to create the alert to support group if the SLI values falls below 95 can someone please help me with that? 

SLI I am calculating based on events and how can I generate the alerts when I am tiring this I am not getting Alerts option on to Splunk, appreciate help on this

(index=idx_re2eeur0_v5 host=mpllnx0432 EVENT_GROUP="SHIPMENT" SOURCE_SYSTEM="IIB" TARGET_SYSTEM="GGX" EVENT_MSG="Send a ZLIDCTR*" COMPONENTNAME="RNATLL05")
OR (index=idx_re2eeur0_v5 host=* EVENT_GROUP="SHIPPED" SOURCE_SYSTEM="WMB" TARGET_SYSTEM="SDS" EVENT_MSG="Tech Ack OK received*" COMPONENTNAME="RNATLL05")
| rex field=NATIVEID "...\S...\S(?<DeliveryID>\d+)\/"
| rex field=_raw "\"nativeID\":\"(?<DeliveryID>\d+)\S"
| transaction DeliveryID startswith="Send a ZLIDCTR*" endswith="Tech Ack OK received*"
| stats count as valid_events count(eval(duration<180)) as good_events avg(duration) as averageDuration
| eval sli=round((good_events/valid_events) * 100, 2)
| stats count | where sli < 95

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@Amit79 

  • Run this as a search query on the Splunk Search page.
  • Save -> Save as Alert
  • And then set all crieterias as you need it.

 

Reference - https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html 

 

I hope this helps!!!!

 

0 Karma

Amit79
Loves-to-Learn Everything

Thank you, I have another question, do you any references or samples to create ticket in servicenow using ITSI plugin, I also need to create if thresholds are breaching

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now - https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow

 

Also, I know Service Now Add-on itself can create a SNOW ticket with an alert - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions

 

I hope this helps!!! Kindly upvote if it does!!!

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...