Splunk Observability Cloud
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a custom event detector?

niemi_splunk
Engager
‎11-02-2022 01:57 AM

Hi,

I want to create a detector based on a custom event ingested using the API. I can select the eventType value as the signal but the conditions are all about signal values which obviously do not apply to an event.  

Any ideas?

Labels (1)
Reply

neilh
Engager
‎05-25-2023 03:33 AM

I would also like to know this. This seems like an obvious use case, but I can find no  information about how to achieve this in the documentation. 

If this is not possible, it makes the whole concept of custom events pretty useless IMO.

@niemi_splunk did you ever find a solution for this?

 

@bishida  @jha @matt  Do you know if this is possible?

Thanks

0 Karma
Reply

niemi_splunk
Engager
‎05-25-2023 04:25 AM

I turned to write the events into a log file and used Log Pipeline Management to Metriczise them

0 Karma
Reply

neilh
Engager
‎05-25-2023 05:01 AM

Thanks for the response @niemi_splunk , much appreciated. 

Glad you found a working around. Unfortunately this won't work for me, as we're using Log Observer Connect, and Log Management Pipelines are not available, neither are metricised logs (unlike with the Log Observer entitlement).

I will wait and see if the others I tagged have any suggestions. 

0 Karma
Reply

bishida
Splunk Employee
Splunk Employee
‎05-25-2023 08:57 AM

Hi neilh,

I might be able to help point you in the right direction if I understand your use case better. Could you describe your scenario, what it is you're monitoring, and what you're trying to detect? We might just need a different approach to achieve your goal.

Generally speaking, detectors are built from signals and events add context to signals. So, events and signals are not the same thing.  Detectors can monitor signals and they can create events.

Here is a snippet from this documentation page that may help clarify.

https://docs.splunk.com/Observability/alerts-detectors-notifications/create-detectors-for-alerts.htm...

bishida_0-1685029645521.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...