Sending Splunk Observability events as Alert Actions
It can be helpful for Splunk Observability Cloud users to be notified of issues in the Splunk platform, even if they don't have access to the Splunk platform itself. A Splunk Observability Cloud Alert Action can be used to send those users a notification. For example, Splunk Observability Cloud users might need to be aware of events in security indexes that are alerted on in Splunk Cloud Platform. A Splunk Observability Cloud Alert Action can send your developers a notification that a vulnerability has been identified in their code.
Similar context sharing can be applied to any data within Splunk, including Splunk ITSI or other Splunk app data. Other common use cases may include:
- CI/CD deployments and status
- Rare but important error exceptions
- Notifying developers in Splunk Observability Cloud of outages in on-premises infrastructure
- Any other issues monitored by Splunk that may impede development work
To enable this information sharing, you need to be able to pass context from the Splunk platform to Splunk Observability Cloud.
- Download the Splunk Observability Cloud Alert Action for Splunk from Splunkbase.
- From the Apps drop-down menu, select Splunk Observability Cloud Alert Action for Splunk, then click on Configuration.
- Enter your Splunk Observability Cloud API token.
- Create and schedule your alert as normal. Here is an example of the alert setup:
- At the bottom of your alert setup, there is the option to Add Actions for the alert to undertake when it fires. Choose the Observability Events Alert Action.
- Input the fields you would like to pass as dimensions into Splunk Observability Events.
- In Splunk Observability Cloud, open the dashboard that you'd like to overlay event data on.
- In the Event Overlay drop-down, choose an Event Overlay to match your event name. You can use asterisks (*) to work as wildcards.
- In your chart options, enable Show events as lines and Show data markers for overlaying events on that chart.
Events will now be overlaid on your chart.
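The steps above are performed by the Alert Action app itself; the following is an added illustration, not code from the app or from Splunk, of what the action does with an alert result: it turns the fields you selected into dimensions of a custom event, and the Event Overlay wildcard then selects that event by name. The result row, the field names, the alert name and the realm are constructed for the example. The ingest endpoint, the `X-SF-Token` header and the event JSON shape are assumptions about the Splunk Observability Cloud events ingest API; the wildcard matcher is an approximation of the overlay's `*` behaviour. Only allowlisted fields are forwarded, so raw event text from a security index stays in Splunk, and the API token is read from the environment rather than written into the script.

```python
import json
import os
import re
import time
import urllib.request

# Constructed sample: one result row from a scheduled search over a security
# index, as the alert action would receive it. "raw_log" stands in for the
# original event text, which should never leave Splunk.
SAMPLE_RESULT_ROW = {
    "_time": "1700000000",
    "repo": "payments-api",
    "severity": "high",
    "host": "build-03",
    "raw_log": "dependency scanner output with internal paths (constructed)",
}

# The fields the alert author chose to pass as dimensions. Anything not listed
# here is dropped before the event leaves Splunk.
DIMENSION_ALLOWLIST = ("repo", "severity", "host")


def build_event(alert_name, row, dimension_fields=DIMENSION_ALLOWLIST, timestamp_ms=None):
    """Turn one alert result row into an Observability Cloud custom event.

    Only allowlisted, non-empty fields become dimensions, and their values are
    coerced to strings. The event type is the alert name, which is what the
    Event Overlay pattern in the chart is matched against.
    """
    dims = {
        field: str(row[field])
        for field in dimension_fields
        if field in row and row[field] not in (None, "")
    }
    if timestamp_ms is None:
        t = row.get("_time")
        # Splunk _time is epoch seconds; the ingest API takes milliseconds.
        timestamp_ms = int(float(t)) * 1000 if t else int(time.time() * 1000)
    return {
        "category": "USER_DEFINED",     # assumed category name for custom events
        "eventType": alert_name,
        "dimensions": dims,
        "properties": {"source": "splunk_alert"},
        "timestamp": timestamp_ms,
    }


def send_events(events, realm, token):
    """POST a batch of events to the ingest endpoint (assumed URL and header).

    The token is passed in, so the caller decides where it comes from; the
    usage below takes it from an environment variable.
    """
    url = f"https://ingest.{realm}.signalfx.com/v2/event"
    body = json.dumps(events).encode("utf-8")
    req = urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "X-SF-Token": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def overlay_matches(pattern, event_type):
    """Approximate the Event Overlay wildcard: '*' matches any run of characters."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, event_type) is not None


if __name__ == "__main__":
    event = build_event("Vuln finding - payments-api", SAMPLE_RESULT_ROW)
    print(json.dumps(event, indent=2))
    print("overlay 'Vuln finding*' matches:", overlay_matches("Vuln finding*", event["eventType"]))
    token = os.environ.get("SFX_TOKEN")  # organization access token, never hard-coded
    if token:
        print("ingest HTTP status:", send_events([event], "us1", token))
```

Run it with `SFX_TOKEN` unset to see only the event that would be sent; set the variable (and your own realm) to actually post it. Note that the dimensions are exactly the allowlisted fields, so a broad "pass all fields" configuration in the real alert action would have shipped the `raw_log` text as well.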
These resources might help you understand and implement this guidance:
- Splunk Docs: Create a scheduled alert (Splunk Enterprise and Splunk Cloud Platform)
- Splunk Docs: Add information to a dashboard
- Splunk Docs: Create and manage organization access tokens using Splunk Observability Cloud
Still need help with this use case? Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.