Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create alert based on Splunk Dashboard Studio indicators?

Amit79
Loves-to-Learn Everything
‎06-20-2023 01:46 PM

I have below Splunk query which calculates SLI  but I need to create the alert to support group if the SLI values falls below 95 can someone please help me with that? 

SLI I am calculating based on events and how can I generate the alerts when I am tiring this I am not getting Alerts option on to Splunk, appreciate help on this

(index=idx_re2eeur0_v5 host=mpllnx0432 EVENT_GROUP="SHIPMENT" SOURCE_SYSTEM="IIB" TARGET_SYSTEM="GGX" EVENT_MSG="Send a ZLIDCTR*" COMPONENTNAME="RNATLL05")
OR (index=idx_re2eeur0_v5 host=* EVENT_GROUP="SHIPPED" SOURCE_SYSTEM="WMB" TARGET_SYSTEM="SDS" EVENT_MSG="Tech Ack OK received*" COMPONENTNAME="RNATLL05")
| rex field=NATIVEID "...\S...\S(?<DeliveryID>\d+)\/"
| rex field=_raw "\"nativeID\":\"(?<DeliveryID>\d+)\S"
| transaction DeliveryID startswith="Send a ZLIDCTR*" endswith="Tech Ack OK received*"
| stats count as valid_events count(eval(duration<180)) as good_events avg(duration) as averageDuration
| eval sli=round((good_events/valid_events) * 100, 2)
| stats count | where sli < 95

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 01:22 AM

@Amit79 

  • Run this as a search query on the Splunk Search page.
  • Save -> Save as Alert
  • And then set all crieterias as you need it.

 

Reference - https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html 

 

I hope this helps!!!!

 

0 Karma
Reply

Amit79
Loves-to-Learn Everything
‎06-21-2023 09:57 AM

Thank you, I have another question, do you any references or samples to create ticket in servicenow using ITSI plugin, I also need to create if thresholds are breaching

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 11:14 AM

I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now - https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow

 

Also, I know Service Now Add-on itself can create a SNOW ticket with an alert - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions

 

I hope this helps!!! Kindly upvote if it does!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...