Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Searching and Alert in Monitoring Console

mathiasy123
Path Finder
‎06-28-2020 07:41 PM

I'm new to Splunk Enterprise, I did some searching and reporting for file log data, and from them, I implemented alerting and it worked well. Is it possible to make my alert show up in Monitoring Console Splunk Enterprise?

When I open the Splunk Enterprise Monitoring Console, all the searching and alert that I made not show up there, how to make my searching and alert that I made it show up in Monitoring Console?

 

Pict 1: Search and Alert in Monitoring Console (no search and alert that I made)

Pict 2: Search and Alert I made

 

mathiasy123_1-1593398440194.png

 

mathiasy123_0-1593398383204.png

 

 

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎06-28-2020 08:40 PM

@mathiasy123 

what is your role. I guess, You need admin rights to move knowledge objects across apps.

If its not possible create the alert in MC app using run a search.

anilchaithu_0-1593401993204.png

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎06-28-2020 08:29 PM

@mathiasy123 

The alert has to be created in monitoring console to show up. Since it is already created you can move it to monitoring console app.

Edit -> move -> select "monitoring console"

anilchaithu_0-1593401294311.png

 

anilchaithu_1-1593401331476.png

 

If this helps, up vote is appreciated.

0 Karma
Reply
Solved! Jump to solution

mathiasy123
Path Finder
‎06-28-2020 08:31 PM

@anilchaithu  Why I don't have the "move" list?

mathiasy123_0-1593401475228.png

 

 

0 Karma
Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎06-28-2020 08:40 PM

@mathiasy123 

what is your role. I guess, You need admin rights to move knowledge objects across apps.

If its not possible create the alert in MC app using run a search.

anilchaithu_0-1593401993204.png

 

0 Karma
Reply
Solved! Jump to solution

mathiasy123
Path Finder
‎06-28-2020 08:48 PM

@anilchaithu  

I am Admin,

I did and still not show up in "Alert Setup" Menu MC, only the default alert MC is show up 

mathiasy123_0-1593402487041.png

 

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎06-28-2020 08:51 PM

@mathiasy123 

please check settings -> searches, reports and alerts

0 Karma
Reply
Solved! Jump to solution

mathiasy123
Path Finder
‎06-28-2020 08:54 PM

Okay, it appeared!

So, the alert will be able to run in monitoring console automatically?

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎06-28-2020 09:06 PM

Yes!!! It should run in monitoring console app.

0 Karma
Reply
Solved! Jump to solution

mathiasy123
Path Finder
‎06-28-2020 10:26 PM

@anilchaithu 

 

I have been waiting for 3 hours, why the alert in MC not triggered?

mathiasy123_0-1593408305728.pngmathiasy123_1-1593408350430.pngmathiasy123_2-1593408358297.png

 

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎06-29-2020 06:10 AM

@mathiasy123 

Did the search run? what is the schedule?

From the image shared, It looks like the alert has been scheduled every monday 6am. 

0 Karma
Reply
Solved! Jump to solution

mathiasy123
Path Finder
‎06-29-2020 06:36 AM

So I need to wait untill tomorrow at 6 am?

0 Karma
Reply
Solved! Jump to solution

mathiasy123
Path Finder
‎06-28-2020 09:07 PM

okay, thx so much !

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...