From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards


Creating alerts

- In this section, let's talk about alerts. You can use Splunk to trigger an alert when a threshold is breached, and this can be very useful in IT operations. Alerts are just like scheduled reports, but they have a trigger component, a threshold that you would specify. The alert, when triggered, can email, page, or send an event to an external website. Alerts can be throttled. When you throttle an alert, subsequent alerts won't be triggered until the throttling period expires, and this helps to avoid alert flooding. You can extend the alert action functionality by creating your own custom actions. You need to write some code, but it is not very difficult. Here is a screenshot that shows how to create a basic alert. Simply come up with a search, and click on Save As, Alert. You would need to schedule the alert. After all, you would want to run this search on a periodic basis and then trigger the alert when the threshold is breached. I do recommend using Cron to do the scheduling as it…
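The scheduled search, threshold trigger, throttling and email action described above, expressed as a savedsearches.conf stanza. This is an added example, not material from the course; the stanza name, index, sourcetype, threshold values and recipient address are assumed placeholders.

```ini
# Assumed stanza name; the search looks for a burst of failed SSH logins per source.
[Failed SSH logins - burst]
search = index=main sourcetype=linux_secure "Failed password" \
    | stats count AS failures BY src_ip \
    | where failures > 20

# Time window the search covers each time it runs.
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Scheduling with cron, as the instructor recommends: every 15 minutes.
enableSched = 1
cron_schedule = */15 * * * *

# Trigger component: fire when the search returns more than zero results
# (any src_ip that crossed the 20-failure threshold above).
counttype = number of events
relation = greater than
quantity = 0

# Throttling: once triggered for a given src_ip, suppress further alerts
# for that src_ip for one hour to avoid alert flooding.
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = src_ip

# Record triggered alerts in the Triggered Alerts view, with a severity of High.
alert.track = 1
alert.severity = 4

# Alert action: email. The recipient address is a placeholder.
action.email = 1
action.email.to = soc@example.com
action.email.subject = Splunk Alert: $name$
action.email.include.results_link = 1
```

Place the stanza in an app's local/savedsearches.conf (for example, $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf) and restart or debug/refresh Splunk for it to take effect.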