Splunk query to get the threshold values of differ...

Kumar23 · ‎08-10-2020

richgalloway · ‎08-10-2020

What is your question?

---
If this reply helps you, Karma would be appreciated.

Kumar23 · ‎08-18-2020

Hi @richgalloway did you understand my query? Please let me know for any further information.

Thanks,

Kumar23

richgalloway · ‎08-18-2020

No, I don't, but I replied only because your posting was empty.
eduncan has suggested a solution. I suggest you consider it.

---
If this reply helps you, Karma would be appreciated.

Kumar23 · ‎08-10-2020

We will set the threshold values for KPI's like High, Medium, Normal in ITSI right. I need a query to get that threshold values for various KPI's.

eduncan · ‎08-18-2020

You can use this content pack:https://docs.splunk.com/Documentation/ITSICP/current/Config/AboutMA and it has corr searches that bring back KPI status. You can use these as your starting point. It will not tell you what the threshold is, rather if it is passed. You don't need to pull the threshold setting you need to pull whether it has passed the threshold and then you can alert on it.

Splunk query to get the threshold values of different KPI's in ITSI.

using ITSI

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?