Alerts data
Alerts data refers to the digital records generated by software systems or security tools to notify users or administrators about significant events, conditions, or anomalies that require attention. These records are triggered when predefined thresholds, rules, or patterns are detected, often indicating errors, warnings, policy violations, performance issues, or security threats.
Alerts data has these key characteristics:
- Event-driven: Generated in response to specific triggers or rules.
- Actionable: Intended to prompt investigation or remedial action.
- Timestamped: Includes the date and time of the event for incident tracking.
- Categorized: Often classified by severity (for example, informational, warning, critical).
- Detailed: Contains information about the source, nature, and context of the event.
Alerts data typically includes:
- Security alert: For more information, see data descriptors such as intrusion detection, malware, vulnerability detection, and others.
- System performance alert: For more information, see performance data.
- Application error alert: For more information, see application data.
- Compliance alert: For more information, see compliance and governance data.
- User activity alert: For more information, see user activity data.
- Network alert: For more information, see network traffic data, network communication data, or any of the other network data descriptors.
The Splunk Common Information Model (CIM) add-on contains an Alerts data model with fields and tags that describe the alerts produced by alerting systems, such as Nagios or NetCool, for use in Splunk correlation searches or dashboards. These fields and tags are not to be used to describe Splunk Alerts or Notable Events, which are already modeled in other contexts.
Use cases for the Splunk platform
Use cases for Splunk security products
- Using risk-based alerting and detection in Enterprise Security 8.0
- Understanding the Event Sequencing engine
- Sharing data between Splunk Enterprise Security and Splunk ITSI
- Detecting AWS security hub alerts
- Investigating interesting behavior patterns with risk-based alerting
- Implementing risk-based alerting
- Creating an incident workflow in Splunk Enterprise Security
- Monitoring security events with Enterprise Security and Microsoft Copilot for Security
Use cases for Splunk Observability Cloud
- Managing the lifecycle of an alert: from detection to remediation
- Creating SLOs and tracking error budgets with SignalFlow
- Combining multiple detector conditions into a single detector
- Combining multiple compound detector conditions into a single detector
- Using Azure DevOps integrations for events and alerting
- Sending Splunk Observability Cloud alerts to a Webex space
Use cases for Splunk ITSI
- Splunk IT Service Intelligence Owner's Manual
- The definitive guide to best practices for ITSI
- Troubleshooting service problems using ITSI Service Analyzer
- Adopting ITSI capabilities strategically
- Building multi-KPI alerts in Splunk ITSI
- Choosing KPI base searches over ad hoc searches
- Configuring notable event timestamps to match raw data
- Deploying predictive analytics at the right time
- Limiting the number of KPIs per service
- Moving to observability with ITSI
- Reviewing your ITSI environment
- Using SRE golden signals for KPIs
- Using the correct KPI statistical functions for alerting
- Using the Monitoring and Alerting Content Pack
- Checking for event time indexing
- Checking for KPI search success
- Maintaining service entities
- Maintaining adaptive thresholds
- Monitoring for KPI search lag
- Utilizing policies other than the default policy
- Using the Content Pack for ITSI Monitoring and Alerting for policy management
- Building your own custom threshold templates
- Understanding the less exposed elements of ITSI
- Knowing proper adaptive threshold configurations
- Understanding anomaly detection in ITSI
- Using caution when cascading service health scores upwards
- Improving Smart Mode usage in ITSI
- Using dynamic entity rule configurations
- Pushing alerts to the Splunk platform and ITSI
- Using service sandboxes in Splunk ITSI
- Accelerating ITSI event management