Splunk AppDynamics
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Policy Violation Events retention

CommunityUser
Splunk Employee
Splunk Employee
‎10-10-2017 03:39 AM

Hi,

I have a requirement for management to view past 1 year events for Business Transaction Response Time & Business Transaction Error.

I have built a custom dashboard for this. I have modified the default incidents.retention.period to 35 days. But I need the violation events for above 2 health rules
for the last 1 year.

What would be a good solution for this.

Can we increase the value of incidents.retention.period to 1 year
OR
Can we auto archive the policy violations events using custom actions (Couldnt find a reference to archiving event in Alert & Respond API)
OR
Create a Analytics Custom schema to store the occurrence of the policy violation and create a custom action to call the event service to make an entry when policy violation occurs.

Appreciate your help.

Regards,
Alakshya

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Yogesh_Chouk
Builder
‎10-11-2017 08:42 PM

Hi Alakshya,

We see that you have raised a support ticket regarding the same issue and our engineer has recommended you not to change this setting because if you change it to 1 year your controller will be affected. Also ,you have mentioned  as the events are very rare and hence suggested to go with the 3rd Option.

Thanks,

Yogesh

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Yogesh_Chouk
Builder
‎10-11-2017 08:42 PM

Hi Alakshya,

We see that you have raised a support ticket regarding the same issue and our engineer has recommended you not to change this setting because if you change it to 1 year your controller will be affected. Also ,you have mentioned  as the events are very rare and hence suggested to go with the 3rd Option.

Thanks,

Yogesh

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...