- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Is there a way of making an Alert condition co...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have used a Search string in the Alert condition, which triggers an Alert if some count goes beyond a particular threshold, say 50. What should be done if we want a User to be able to modify this threshold manually, via a Dashboard? Can a token from a Dashboard be passed to an Alert condition?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have done this with an lookup file.
created it in the dashboard via | outputlookup and used the | inputlookup in the alert search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have done this with an lookup file.
created it in the dashboard via | outputlookup and used the | inputlookup in the alert search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using a look-up though, is it possible to keep a track of all modifications to the thresholds?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
use summary indexes for this or be patient.....there will be an awesome app available which can handle such things 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Haha 🙂 Hmm...summary index is another great option, thanks..!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey SwatiApte, using output input lookup tables simply creates a CSV file which, if you wanted to you could input and then display in a table.
What Ppape is saying is if you create the dashboard and the alert, but set the alert to input the CSV and get the latest value from it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Mark, what I meant was, using an Output Look-up, we are creating (or replacing) a CSV file each time the User modifies a threshold using an Input on the dashboard, so is there no way I could keep a track of what modifications were made to the look-up file and by whom?
- Swati
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh okay, perfect! Thanks!
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
