Create e-mail alerts for inactive and unstable ent...

rmo23

Hi guys!

how to proceed to create alerts on inactive and unstable entities .

gcusello

as also @yuanliu said, you should share more details about your infrastructure.

Anyway, in ITSI there's an asset inventory that should be complete (otherwise you have a very bigger issue!).

So, you could use the lookup containing these asset (I don' t remember its name) and run a search like the following:

| tstats 
     count
     where index=*
     BY host
| append [ | inputlookup your_asset_lookup | eval count=0 | fields host count ]
| stats sum(count) AS total BY host
| where total=0

Ciao.

Giuseppe

rmo23

hi
Indeed, thanks to ITSI, I can have data on the metrics, the status of my servers, active or inactive, I can predict the status of my infrastructure, etc. I just want to receive email alerts only when my servers are inactive, I only see this status when I'm in ‘Entity Overview’ if it's possible to configure an email alert on it.

gcusello

Hi @rmo23 ,

at first see if there is the way (I don't know very deeply ITSI) to enable as action the email sending.

If not extract the search from this dashboard and create a custom alert.

Ciao.

Giuseppe

yuanliu

Until you can tell us what data you have, what field/value in that data indicates inactive and unstable entities, and how you want the output to look like, volunteers are not going to help you.

rmo23

hi
I manage to monitor the servers divided into services via the ITSI.
However, I would like to receive email alerts when some of my servers change state, either inactive or unstable, for better reactivity.

Create e-mail alerts for inactive and unstable entities

alert action

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector