Skip to main content
Splunk Lantern の記事が日本語で利用できるようになりました。.

ここをクリック もっと詳しく知りたい!
Lantern Home
 
 
 
Splunk Lantern

Sending Splunk Observability events as Alert Actions from Splunk IT Service Intelligence

  1. Last updated
  2. Save as PDF

 

It can be helpful for Splunk Observability Cloud users to be identified of issues in Splunk ITSI, even if they don't have access to use Splunk ITSI. An Splunk Observability Cloud Alert Action can be used to send those users a notification. For example, you can send your developers a notification telling them that Splunk ITSI’s KPIs have identified an issue with an SAP entity that your developers’ software depends on to track inventory.

This is only one example use case. You can apply this use case to any data within Splunk and data correlated by Splunk ITSI. Other common use cases can use this same method to pass context from Splunk ITSI business services and KPIs into Splunk Observability Cloud.

  1. Download the Splunk Observability Cloud Alert Action for Splunk from Splunkbase.
  2. From the Apps drop-down menu, select Splunk Observability Cloud Alert Action for Splunk, then click on Configuration.
  3. Enter your Splunk Observability Cloud API token.

  1. Create and schedule your alert as normal. Here is an example of the alert setup:

To find KPI search results and alert events which form the basis for your Alert Action, you can check these indexes in Splunk ITSI:

  • itsi_summary
  • anomaly_detection
  • itsi_grouped_alerts

  1. At the bottom of your alert setup, click Add New Response Action then choose the Observability Events alert action.

  1. Input the fields you would like to pass as dimensions into Splunk Observability Events.

  1. In Splunk Observability Cloud, open the dashboard that you'd like to overlay event data on. In the Event Overlay drop-down, choose an Event Overlay to match your event name. You can use asterisks (*) to work as wildcards.

  1. In your chart options, enable Show events as lines and Show data markers for overlaying events on that chart.

Events will now be overlaid on your chart.

Next steps

These resources might help you understand and implement this guidance:

Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at ondemand@splunk.com if you require assistance.