Defining threshold values in Descending order ( P...

satyab · ‎12-23-2019

Here is what I found in case you were wondering what I am asking for. Point 2# looks like ITSI doesn’t understand 0 as its lower value?)
1. If we are defining threshold values in Ascending order- We are good as ( example Error Rate Threshold, where anything above 60% is Critical, while we start from 0- Normal, 10-Low,20-Medium, 40- High, So ITSI know that any number above 60 will be marked as Critical.
2. If we are defining threshold values in Descending order – We need to make sure we end up with 0. As its lowest value . Normal -6 , Low-5,Medium-4,High-3,Critical-2 ( I can’t do this , as If I have value as 1 it will say default Severity Not Critical), While I m anticipating it to know that anything below 2 until 0 should be critical .

Fix - I have to say Critical-0. Then model is reflecting/report correctly as Critical failure.

So, Can the model just like in Ascending case where it know its 100% max.Can it have a boundary defination for 0 is Minimum for Descending Values?

Thanks
Satya

satyab · ‎01-30-2020

@splunk Team,
For a fact I know this is happening and only way I could avoid by defining lowest value as "0" for the threshold? Other wise it is using Default value as expected.

satyab · ‎05-06-2020

So, can this be fixed 🙂

Defining threshold values in Descending order ( Possible Defect?)

configuration

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation