×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
MichaelRTR
Loves-to-Learn
Member since: ‎09-08-2025
‎03-19-2026
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-08-2025
View All

Re: Help using time in a detector

by in Splunk Observability Cloud
‎03-20-2026 04:19 AM
‎03-20-2026 04:19 AM
Hi Bishida, Thanks for the response. While this would be a good solution for 1 (or a low volume) Cloud Scheduled Function, I need to roll this out for 150+ CSF that run on different schedules. Hence, it wouldn't be feasible to add so many muting rules. and this probably would not scale as I need (when adding more CSFs in the future). I'm not sure if you know if signalflow can use/read cron or time windows in general?  Thanks! ... View more

Help using time in a detector

by in Splunk Observability Cloud
‎03-19-2026 04:27 AM
‎03-19-2026 04:27 AM
Hi there, I wanted to get some advice please on a detector creation. For my Cloud Scheduled Functions, I have a custom metric called "job.status" for operational monitoring. This metric has the dimensions: job_id, job_event (START/ERROR/END), and job_event_source (SCHEDULER/JOB). I have Cloud Scheduled Functions that run on cron schedule. For example, 1 service may run its CSFs at: 1pm, 3pm and 5pm daily. I want to create some detectors that: Detector 1: Expected Start Detectors: Detectors assert that a job_event=START metric occurs within a small window around the job's Cron-scheduled start time. For example, the job_event=START occurs around 1pm, 3pm, 5pm daily as per above example. This lets us know if jobs fail to start. Detector 2: Expected Completion Detectors: Detectors assert that a terminal job_event (END/ERROR) metric occurs within the specific window defined by the job's Cron schedule, and/or since the prior job_event=START metric, and the max run time. (E.g., when(hour >= 1 and hour < 2) for a job scheduled only at 1AM and having a max runtime of an hour.) This lets us know if jobs are running too long. Is it possible to incorporate the above detectors using existing logic available in Splunk Observability Cloud? I am finding difficult to achieve the above. It would be great to get some advice. Thanks, Michael ... View more

Splunk MCP integration with Gemini

by in Splunk Cloud Platform
‎10-10-2025 06:34 AM
‎10-10-2025 06:34 AM
Hi all, Curious to know if anyone has successfully integrated Splunk MCP with Gemini? I have setup and configured the Splunk MCP server and I get successful responses when hitting my Splunk MCP endpoint from command line. However, there does not seem to be out of the box support for Gemini whereby I can configure the Splunk MCP server/details. I see some docs and forums online which suggest that ChatGPT and Claude are easy to integrate with. I've also seen the Splunk MCP video with Claude integration steps. Has anyone successfully integrated with Gemini? Thanks in advance, Michael ... View more
Labels

Detector for alert storm / detector on detector

by in Splunk Observability Cloud
‎09-08-2025 09:39 AM
‎09-08-2025 09:39 AM
Hi there, I have a use-case whereby I want to trigger an alert/detector when there is a spike of triggered detectors in my org. The idea is to catch an outage and alert an appropriate team. I want to monitor and alert when there is a spike in triggered detectors. Is there a suitable way to achieve this? I tested but I do not see any suitable metrics to use. This seems like a simple use-case but there does not appear to be a simple solution. As an example, I would like to trigger a detector when >5 P1 detectors have triggered in a 5 min period (just an example). Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-19-2026 04:24 AM