Splunk Observability Cloud
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a custom event detector?

niemi_splunk
Engager
‎11-02-2022 01:57 AM

Hi,

I want to create a detector based on a custom event ingested using the API. I can select the eventType value as the signal but the conditions are all about signal values which obviously do not apply to an event.  

Any ideas?

Labels (1)
Reply

neilh
Engager
‎05-25-2023 03:33 AM

I would also like to know this. This seems like an obvious use case, but I can find no  information about how to achieve this in the documentation. 

If this is not possible, it makes the whole concept of custom events pretty useless IMO.

@niemi_splunk did you ever find a solution for this?

 

@bishida  @jha @matt  Do you know if this is possible?

Thanks

0 Karma
Reply

niemi_splunk
Engager
‎05-25-2023 04:25 AM

I turned to write the events into a log file and used Log Pipeline Management to Metriczise them

0 Karma
Reply

neilh
Engager
‎05-25-2023 05:01 AM

Thanks for the response @niemi_splunk , much appreciated. 

Glad you found a working around. Unfortunately this won't work for me, as we're using Log Observer Connect, and Log Management Pipelines are not available, neither are metricised logs (unlike with the Log Observer entitlement).

I will wait and see if the others I tagged have any suggestions. 

0 Karma
Reply

bishida
Splunk Employee
Splunk Employee
‎05-25-2023 08:57 AM

Hi neilh,

I might be able to help point you in the right direction if I understand your use case better. Could you describe your scenario, what it is you're monitoring, and what you're trying to detect? We might just need a different approach to achieve your goal.

Generally speaking, detectors are built from signals and events add context to signals. So, events and signals are not the same thing.  Detectors can monitor signals and they can create events.

Here is a snippet from this documentation page that may help clarify.

https://docs.splunk.com/Observability/alerts-detectors-notifications/create-detectors-for-alerts.htm...

bishida_0-1685029645521.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...