Solved: Alert Manager: How to assign a priority based on s...

redacted · ‎11-09-2016

How to assign a priority based on search?

Is it possible to assign a priority based on a search, similar to the way you can assign a user? Or used to be able to as per: https://answers.splunk.com/answers/426909/alert-manager-how-to-assign-a-certain-incident-to.html

Thanks

redacted · ‎12-20-2016

from the alert manager gui

Default urgency for incidents of this alert.
Note: The urgency can be overriden by a field from search results named 'urgency'. Later, the alert manager calculates a priority based on the impact and urgency.

View solution in original post

redacted · ‎12-20-2016

from the alert manager gui

Default urgency for incidents of this alert.
Note: The urgency can be overriden by a field from search results named 'urgency'. Later, the alert manager calculates a priority based on the impact and urgency.

redacted · ‎12-20-2016

so far I have been able to get this

index=main name=bad thing threat>=80 threat<=100 ( alert is created high)
index=main name=bad thing threat>=40 threat<=79 (alert is created med)
index=main name=bad thing threat>=0 threat<=39 (alert is created low)

the threat is a field that I am parsing in my alert search query, unfortunately I have to use 3 searches if not 5 for all of the alert manager "priority" options on the incident posture

Alert Manager: How to assign a priority based on search?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life