Alerting

Documenting incidents/outages

jamesklassen
Path Finder

Splunk generates alerts, for example if a server fails to ping or isn't running required services. Is it possible to manually add information to incidents tripped in Splunk's alert manager, in order to correlate Splunk alerts with incident or outage information?

Tags (1)

jamesklassen
Path Finder

If we have an alert, I would like for one of our admins to be required to document exactly what happened. Could tags be used for that?

piebob
Splunk Employee
Splunk Employee

not completely sure what your situation is, but you could tag the events involved in the alert via Splunk Web. then you can search on the tags for future analysis. you could define standard tags for different incidents or outages, or even for certain types of incidents and outages for use in future situations.

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Abouttagsandaliases

Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...