Splunk ITSI

Defining threshold values in Descending order (Possible Defect?)

satyab
Observer

Here is what I found, in case you were wondering what I am asking for. (Point #2 looks like ITSI doesn’t understand 0 as its lower value?)
1. If we are defining threshold values in Ascending order, we are good (for example, Error Rate Threshold, where anything above 60% is Critical, while we start from 0 - Normal, 10 - Low, 20 - Medium, 40 - High), so ITSI knows that any number above 60 will be marked as Critical.
2. If we are defining threshold values in Descending order, we need to make sure we end up with 0 as its lowest value. Normal - 6, Low - 5, Medium - 4, High - 3, Critical - 2 (I can’t do this, as if I have a value of 1 it will say default Severity, not Critical), while I’m anticipating it to know that anything below 2 until 0 should be Critical.

Fix - I have to say Critical - 0. Then the model reflects/reports correctly as a Critical failure.

So, can the model, just like in the Ascending case where it knows it's 100% max, have a boundary definition that 0 is the minimum for Descending values?

Thanks
Satya

0 Karma

satyab
Observer

@splunk Team,
For a fact I know this is happening, and the only way I could avoid it is by defining the lowest value as "0" for the threshold? Otherwise it is using the Default value as expected.

0 Karma

satyab
Observer

So, can this be fixed 🙂

0 Karma
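The behaviour reported in this thread can be reproduced with a small model, added here as an example that is not part of the original posts and is not ITSI code. It assumes each threshold value is the lower bound of its severity band and that values below the lowest threshold fall back to a base severity; the function names and the base severity value are hypothetical.

```python
from bisect import bisect_right

# Assumption (a model of what the thread reports, not ITSI's implementation):
# each threshold is the LOWER bound of its band; anything below the lowest
# threshold gets the separately configured base severity.
def severity_for(value, thresholds, base_severity):
    """thresholds: list of (lower_bound, severity) pairs, in any order."""
    bands = sorted(thresholds)
    bounds = [bound for bound, _ in bands]
    idx = bisect_right(bounds, value)  # number of lower bounds <= value
    return base_severity if idx == 0 else bands[idx - 1][1]

def uncovered_range(thresholds, minimum=0):
    """Return (minimum, lowest_bound) when values in that range would
    silently fall back to the base severity, else None."""
    lowest = min(bound for bound, _ in thresholds)
    return (minimum, lowest) if lowest > minimum else None

# Threshold sets taken from the first post; BASE is a constructed value.
BASE = "Normal"
ASCENDING = [(0, "Normal"), (10, "Low"), (20, "Medium"),
             (40, "High"), (60, "Critical")]
DESC_AS_POSTED = [(6, "Normal"), (5, "Low"), (4, "Medium"),
                  (3, "High"), (2, "Critical")]
DESC_WITH_FIX = [(6, "Normal"), (5, "Low"), (4, "Medium"),
                 (3, "High"), (0, "Critical")]

if __name__ == "__main__":
    for name, cfg in [("ascending", ASCENDING),
                      ("descending as posted", DESC_AS_POSTED),
                      ("descending with Critical at 0", DESC_WITH_FIX)]:
        print(f"{name}: value 1 -> {severity_for(1, cfg, BASE)}, "
              f"uncovered range: {uncovered_range(cfg)}")
```

Running `uncovered_range` over a KPI's thresholds before deployment flags any configuration where the worst readings would be reported at the base severity instead of Critical.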