Splunk Observability Cloud

How to create a custom event detector?

niemi_splunk
Explorer

Hi,

I want to create a detector based on a custom event ingested using the API. I can select the eventType value as the signal, but the conditions are all about signal values, which obviously do not apply to an event.

Any ideas?


neilh
Engager

I would also like to know this. This seems like an obvious use case, but I can find no information about how to achieve this in the documentation.

If this is not possible, it makes the whole concept of custom events pretty useless IMO.

@niemi_splunk did you ever find a solution for this?


@bishida  @jha @matt  Do you know if this is possible?

Thanks


niemi_splunk
Explorer

I turned to writing the events into a log file and used Log Pipeline Management to metricize them.


neilh
Engager

Thanks for the response @niemi_splunk, much appreciated.

Glad you found a workaround. Unfortunately this won't work for me, as we're using Log Observer Connect, and Log Management Pipelines are not available, neither are metricised logs (unlike with the Log Observer entitlement).

I will wait and see if the others I tagged have any suggestions.


bishida
Splunk Employee

Hi neilh,

I might be able to help point you in the right direction if I understand your use case better. Could you describe your scenario, what it is you're monitoring, and what you're trying to detect? We might just need a different approach to achieve your goal.

Generally speaking, detectors are built from signals, and events add context to signals. So, events and signals are not the same thing. Detectors can monitor signals and they can create events.

Here is a snippet from this documentation page that may help clarify.

https://docs.splunk.com/Observability/alerts-detectors-notifications/create-detectors-for-alerts.htm...

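The point bishida makes (detectors evaluate signals, so an event has to be turned into a signal before a value condition can be applied to it) and the workaround niemi_splunk used (write the events to a log file, then metricize them) both come down to the same step: converting an event stream into a count metric per event type and time bucket, on which a threshold condition then makes sense. The following is an added, stand-alone Python illustration of that step; it is not code from this thread or from Splunk, and the log line format, the field names `time` and `eventType`, the 60-second bucket size and the sample lines are all constructed assumptions.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample log lines (not from the thread): each line is one custom
# event written to a log file, as in the workaround described above. The last
# line is deliberately malformed to show that junk is skipped, not counted.
SAMPLE_LOG = """\
{"time": "2023-05-25T14:00:05Z", "eventType": "deploy_failed", "service": "checkout"}
{"time": "2023-05-25T14:00:40Z", "eventType": "deploy_failed", "service": "checkout"}
{"time": "2023-05-25T14:00:59Z", "eventType": "config_change", "service": "auth"}
{"time": "2023-05-25T14:01:10Z", "eventType": "deploy_failed", "service": "cart"}
{"time": "2023-05-25T14:02:30Z", "eventType": "deploy_failed", "service": "checkout"}
{"time": "2023-05-25T14:02:31Z", "eventType": "deploy_failed", "service": "checkout"}
{"time": "2023-05-25T14:02:45Z", "eventType": "deploy_failed", "service": "cart"}
not valid json at all
"""


def to_epoch(iso_utc):
    """Convert an ISO-8601 UTC timestamp like 2023-05-25T14:00:05Z to epoch seconds."""
    ts = datetime.strptime(iso_utc, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(ts.timestamp())


def parse_events(text):
    """Yield (epoch_seconds, eventType) for each well-formed event line; skip junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            yield to_epoch(rec["time"]), str(rec["eventType"])
        except (ValueError, KeyError, TypeError):
            # Malformed or incomplete line: a real pipeline would count these
            # separately so that parser failures are themselves observable.
            continue


def metricize(text, bucket_seconds=60):
    """Turn event lines into a count metric: {(eventType, bucket_start_epoch): count}.

    This is the 'events to signal' step: once events are counts per bucket,
    an ordinary value threshold can be applied to them.
    """
    counts = Counter()
    for epoch, event_type in parse_events(text):
        bucket = epoch - (epoch % bucket_seconds)
        counts[(event_type, bucket)] += 1
    return dict(counts)


def breaching_buckets(counts, event_type, threshold):
    """Return sorted bucket starts where the count of event_type is >= threshold.

    This mirrors a simple static-threshold detector condition on the metric.
    """
    return sorted(
        bucket for (etype, bucket), n in counts.items()
        if etype == event_type and n >= threshold
    )


if __name__ == "__main__":
    counts = metricize(SAMPLE_LOG)
    for (etype, bucket), n in sorted(counts.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        when = datetime.fromtimestamp(bucket, tz=timezone.utc).strftime("%H:%M")
        print(f"{when}  {etype:<14} {n}")
    for bucket in breaching_buckets(counts, "deploy_failed", 2):
        when = datetime.fromtimestamp(bucket, tz=timezone.utc).strftime("%H:%M")
        print(f"ALERT: deploy_failed >= 2 in minute starting {when}")
```

With the constructed input, `deploy_failed` produces counts of 2, 1 and 3 for the three minutes, so a threshold of 2 fires for the first and third bucket and is silent for the second; `config_change` never reaches the threshold. Whatever product feature performs the metricization (Log Pipeline Management in niemi_splunk's case), the detector only ever sees the resulting count series, which is why the condition options in the detector UI are all about signal values.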
