Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create alert based on Splunk Dashboard Studio indicators?

Amit79
Loves-to-Learn Everything
‎06-20-2023 01:46 PM

I have below Splunk query which calculates SLI  but I need to create the alert to support group if the SLI values falls below 95 can someone please help me with that? 

SLI I am calculating based on events and how can I generate the alerts when I am tiring this I am not getting Alerts option on to Splunk, appreciate help on this

(index=idx_re2eeur0_v5 host=mpllnx0432 EVENT_GROUP="SHIPMENT" SOURCE_SYSTEM="IIB" TARGET_SYSTEM="GGX" EVENT_MSG="Send a ZLIDCTR*" COMPONENTNAME="RNATLL05")
OR (index=idx_re2eeur0_v5 host=* EVENT_GROUP="SHIPPED" SOURCE_SYSTEM="WMB" TARGET_SYSTEM="SDS" EVENT_MSG="Tech Ack OK received*" COMPONENTNAME="RNATLL05")
| rex field=NATIVEID "...\S...\S(?<DeliveryID>\d+)\/"
| rex field=_raw "\"nativeID\":\"(?<DeliveryID>\d+)\S"
| transaction DeliveryID startswith="Send a ZLIDCTR*" endswith="Tech Ack OK received*"
| stats count as valid_events count(eval(duration<180)) as good_events avg(duration) as averageDuration
| eval sli=round((good_events/valid_events) * 100, 2)
| stats count | where sli < 95

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 01:22 AM

@Amit79 

  • Run this as a search query on the Splunk Search page.
  • Save -> Save as Alert
  • And then set all crieterias as you need it.

 

Reference - https://www.splunk.com/en_us/resources/videos/create-alerts-splunk-enterprise.html 

 

I hope this helps!!!!

 

0 Karma
Reply

Amit79
Loves-to-Learn Everything
‎06-21-2023 09:57 AM

Thank you, I have another question, do you any references or samples to create ticket in servicenow using ITSI plugin, I also need to create if thresholds are breaching

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-21-2023 11:14 AM

I personally don't have much experience with the ITSI plugin but here is some information regarding ITSI with Service Now - https://docs.splunk.com/Documentation/ITSI/4.17.0/EA/ServiceNow

 

Also, I know Service Now Add-on itself can create a SNOW ticket with an alert - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usecustomalertactions

 

I hope this helps!!! Kindly upvote if it does!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...