Alerting

How can I be included in my cloud stack alerts?

WhitneySink
Splunk Employee

I have team members that receive notifications when our environment is undergoing maintenance. Should I be getting those? What is an Operational Contact and should I be added as one?


WhitneySink
Splunk Employee

Operational Contacts are a subgroup of Account Contacts who are notified when a Splunk Cloud environment undergoes maintenance or experiences a performance-impacting event.

Operational Contacts should be any Splunk Cloud end user who is affected by service downtime - this might include the IT and security teams as well as any users of the product. All of these contacts will receive notifications of planned and unplanned downtime, including scheduled maintenance window alerts and email updates related to incident-triggered cases.

To manage the Operational Contacts for your Cloud Stack, start by logging in to your support portal, then navigate to the "My Operational Contacts" section and follow the instructions. If you need more assistance, you can visit: https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Support_portal.

If you are still trying to determine if you should be an Operational Contact, it may be helpful to review examples of alert email subject lines to determine if these are the sort of messages you should or would want to receive:

Example subject line: alert_search_distributed_bundle_size_P2 on searchheadID.instanceName.splunkcloud.com is CRITICAL

Possible reason you would receive this message: Search bundle size has exceeded X% of the maxBundleSize limit defined on the Search Head or max_content_length on indexers

Example subject line: indexerID.instanceName.splunkcloud.com is DOWN
Possible reason you would receive this message: PING CRITICAL - Packet loss = 100%

Example subject line: Proactive alert notification
Possible reason you would receive this message: This alert may indicate a potential impact to your Search Head and we are investigating appropriately. We are proactively raising a case for your instance so our team may assist you with addressing any issues.


WhitneySink
Splunk Employee

Want more information? Check out this short video on Operational Contacts!
