Dashboards & Visualizations

Is there a way of making an Alert condition configurable so a user can modify a threshold on a dashboard?

SwatiApte
Path Finder

We have used a Search string in the Alert condition, which triggers an Alert if some count goes beyond a particular threshold, say 50. What should be done if we want a User to be able to modify this threshold manually, via a Dashboard? Can a token from a Dashboard be passed to an Alert condition?

0 Karma
1 Solution

PPape
Contributor

I have done this with an lookup file.

created it in the dashboard via | outputlookup and used the | inputlookup in the alert search.

View solution in original post

PPape
Contributor

I have done this with an lookup file.

created it in the dashboard via | outputlookup and used the | inputlookup in the alert search.

SwatiApte
Path Finder

Using a look-up though, is it possible to keep a track of all modifications to the thresholds?

0 Karma

MuS
SplunkTrust
SplunkTrust

use summary indexes for this or be patient.....there will be an awesome app available which can handle such things 😉

0 Karma

SwatiApte
Path Finder

Haha 🙂 Hmm...summary index is another great option, thanks..!

0 Karma

markthompson
Builder

Hey SwatiApte, using output input lookup tables simply creates a CSV file which, if you wanted to you could input and then display in a table.
What Ppape is saying is if you create the dashboard and the alert, but set the alert to input the CSV and get the latest value from it.

0 Karma

SwatiApte
Path Finder

Thanks Mark, what I meant was, using an Output Look-up, we are creating (or replacing) a CSV file each time the User modifies a threshold using an Input on the dashboard, so is there no way I could keep a track of what modifications were made to the look-up file and by whom?

  • Swati
0 Karma

SwatiApte
Path Finder

Oh okay, perfect! Thanks!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...