Splunk® InfoSec App

User Guide

Manage alerts using the InfoSec app for Splunk

Use the Alerts dashboard to investigate and manage alerts raised by the InfoSec app for Splunk.

Alerts are scheduled searches that run at a set frequency to look for matching events in your data. From this dashboard you can drill down to the alerts currently defined in the InfoSec app and modify them or add new ones. Consider using the Alert Manager app alongside the InfoSec app to improve your alert management framework.

You can save any search that you create within the Splunk platform as an alert. Every alert needs a search schedule. When you create an alert, choose the schedule on which the search runs. Selecting the cron schedule lets you set the frequency as often as every minute.

Do not set up alerts by scheduling a real-time search. A real-time search runs continuously and occupies a search slot for as long as the alert is enabled; schedule the search over a relative time window (for example, the last 15 minutes) instead.
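The schedule and time-range rules above can be checked mechanically before an alert is deployed. The linter below is an added example, not code from the InfoSec app or Splunk. It parses savedsearches.conf stanzas (the file in which Splunk stores saved searches and alerts) with the standard-library configparser and flags stanzas that are scheduled (enableSched=1) but use a real-time window (dispatch.earliest_time or dispatch.latest_time beginning with rt), lack a cron_schedule, or fire every minute. The stanza names and searches are constructed sample data, and expanding only *, */N and comma lists in the cron minute field is an assumption about the schedules in use.

```python
"""Lint Splunk savedsearches.conf alert stanzas for scheduling mistakes.
Added example, not InfoSec app or Splunk code."""
import configparser

# Constructed sample stanzas (hypothetical names and searches, not the app's own).
SAMPLE_CONF = """\
[InfoSec - Brute force logins (scheduled)]
search = index=main tag=authentication action=failure | stats count by src, user | where count > 20
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
alert.severity = 4

[InfoSec - Brute force logins (real-time, bad)]
search = index=main tag=authentication action=failure | stats count by src, user
enableSched = 1
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt

[InfoSec - Malware by host (no schedule, bad)]
search = index=main tag=malware | stats count by dest
enableSched = 1

[InfoSec - Network volume (every minute)]
search = index=main tag=network | stats count
enableSched = 1
cron_schedule = * * * * *
dispatch.earliest_time = -1m
dispatch.latest_time = now
"""


def parse_savedsearches(text):
    """Parse savedsearches.conf text into {stanza_name: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case; configparser lowercases keys by default
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def cron_min_interval_minutes(cron):
    """Smallest gap in minutes between firings implied by the minute field.
    Handles "*", "*/N" and comma lists (assumption); other syntax returns None.
    The other four fields can only make firing rarer, so the minute field
    bounds the frequency from above."""
    fields = cron.split()
    if len(fields) != 5:
        return None
    minute = fields[0]
    if minute == "*":
        mins = list(range(60))
    elif minute.startswith("*/") and minute[2:].isdigit() and 0 < int(minute[2:]) < 60:
        mins = list(range(0, 60, int(minute[2:])))
    else:
        try:
            mins = sorted({int(m) for m in minute.split(",")})
        except ValueError:
            return None
    if not mins or any(not 0 <= m < 60 for m in mins):
        return None
    if len(mins) == 1:
        return 60  # at most once per hour
    gaps = [b - a for a, b in zip(mins, mins[1:])]
    gaps.append(60 - mins[-1] + mins[0])  # wrap from the last minute to the next hour
    return min(gaps)


def lint_alert(stanza):
    """Return a list of findings (strings) for one saved-search stanza."""
    findings = []
    if stanza.get("enableSched", "0") != "1":
        return findings  # not scheduled, so it cannot fire as an alert
    if not stanza.get("search"):
        findings.append("no search defined")
    earliest = stanza.get("dispatch.earliest_time", "")
    latest = stanza.get("dispatch.latest_time", "")
    if earliest.startswith("rt") or latest.startswith("rt"):
        findings.append("real-time window (rt...) in a scheduled alert; use a relative window such as -15m to now")
    cron = stanza.get("cron_schedule")
    if not cron:
        findings.append("enableSched=1 but no cron_schedule, so the scheduler will never run it")
    else:
        interval = cron_min_interval_minutes(cron)
        if interval is None:
            findings.append(f"cron_schedule {cron!r} is not a 5-field expression this linter understands")
        elif interval == 1:
            findings.append("fires every minute; make sure the search completes well within a minute")
    return findings


def lint_all(text):
    """Lint every stanza in savedsearches.conf text: {name: [findings]}."""
    return {name: lint_alert(stanza) for name, stanza in parse_savedsearches(text).items()}


if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE_CONF).items():
        print(name, "-> OK" if not findings else "")
        for finding in findings:
            print("   ", finding)
```

Point lint_all at the contents of an app's local/savedsearches.conf (or the output of btool) to review every alert in one pass; stanzas that are not scheduled are skipped because they cannot fire.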

See also

Refer to this video to create a new alert.

Download the Splunk Alert Manager app from Splunkbase.

For more information on defining scheduled alerts, see Define scheduled alerts.

Last modified on 29 July, 2021

This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0
