Splunk® Business Flow (Legacy)

User Manual

Splunk Business Flow is no longer available for purchase as of June 20, 2020. Customers who have already purchased Business Flow will continue to have support and maintenance per standard support terms for the remainder of contractual commitments.

Create Notifications on your Filter Set

In SBF, you can create a Notification on your Filter Set that notifies you when Journeys in your Filter Set meet your defined trigger conditions. You can create up to two Notifications per Filter Set. In the Notifications tab, you can view the Journeys that triggered the Notification, and see the associated Filter set and Flow. Enable email Notifications to receive an update when a change in Journeys triggers a Notification in your Filter Set. For access to Notifications, upgrade to SBF version 1.1.x.

Journey thresholds in Notifications

When you create a Notification, you select either an absolute or relative threshold. Let's take a look at two examples of an absolute versus relative Journey threshold.

Relative threshold

Suppose you own the call center Flow at your company. You want to know when the average hold time is greater than five minutes. You select path duration from steps call queued to call answered, and a range greater than five minutes. When you create a Notification, if you set a relative threshold of greater than 30%, you are notified when greater than 30% of the Journeys in your Flow contain a path duration of greater than 5 minutes between call queued and call answered.

Absolute threshold

Suppose you own the sales Flow for your company. Your department set a quarterly goal to close ten deals. In your Flow, you select the plus sign next to the step Deal closed under the Step filter to see all Journeys in your Flow that contain the step Deal closed. Next, you create a Notification with the absolute threshold of equal to 10.
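The following Python sketch is an added illustration of the two threshold types described above. It is not SBF code and does not reflect how SBF implements its scheduled search. The function names and sample Journeys are hypothetical. It assumes that a Journey with no call answered step has no path duration, so it does not match the filter but still counts toward the Flow total.

```python
import operator
from datetime import datetime, timedelta

OPS = {"greater than": operator.gt, "less than": operator.lt, "equal to": operator.eq}

def path_duration(journey, start_step, end_step):
    """Time from the first start_step to the next end_step, or None if absent."""
    start = None
    for step, ts in sorted(journey, key=lambda event: event[1]):
        if start is None and step == start_step:
            start = ts
        elif start is not None and step == end_step:
            return ts - start
    return None

def long_hold(journey):
    """Filter from the call center example: hold time greater than five minutes."""
    held = path_duration(journey, "call queued", "call answered")
    return held is not None and held > timedelta(minutes=5)

def notification_triggers(flow, in_filter_set, kind, op, value):
    """Return (triggered, measured). 'absolute' measures the matching Journey
    count; 'relative' measures that count as a percentage of the whole Flow."""
    matched = sum(1 for journey in flow if in_filter_set(journey))
    if kind == "absolute":
        measured = matched
    else:
        # An empty Flow has no percentage to compare; treat it as 0%.
        measured = 100.0 * matched / len(flow) if flow else 0.0
    return OPS[op](measured, value), measured

def make_journey(hold_minutes):
    """Constructed sample Journey; hold_minutes=None means never answered."""
    queued = datetime(2019, 12, 17, 9, 0)
    events = [("call queued", queued)]
    if hold_minutes is not None:
        events.append(("call answered", queued + timedelta(minutes=hold_minutes)))
    return events

# Constructed data: ten Journeys, four with a hold longer than five minutes.
SAMPLE_FLOW = [make_journey(h) for h in (2, 7, 3, 9, 1, 6, 4, None, 8, 2)]

if __name__ == "__main__":
    print(notification_triggers(SAMPLE_FLOW, long_hold, "relative", "greater than", 30))
    print(notification_triggers(SAMPLE_FLOW, long_hold, "absolute", "equal to", 10))
```

With the sample data, the relative threshold of greater than 30% triggers because 40% of Journeys match, while the absolute threshold of equal to 10 does not because only four Journeys match.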

Create Notifications on your Filter Set

When you save a Filter Set, you can create up to two Notifications. The time range you select for your Flow is saved in your Filter Set. When you create a Notification, SBF runs a scheduled search and notifies you if Journeys meet the conditions of your Notifications. Select a relative time range so that the scheduled search scans new Journeys.

Follow these steps to create a Notification.

Prerequisites

  • To add Filter Sets and create Notifications, you need to save your work as a Flow.
  • To create a notification in SBF, you need to have either the SBF sbf_modeler role, or the Splunk Enterprise power role.
  • To use the email Notification function, you need to configure email Notification for your Splunk instance. For more, see Email notification action in the Splunk Enterprise Alerting Manual.

Steps

  1. In the time range picker, select a relative time range.
  2. In the Filter Set menu, select Save as.
  3. Enter a name for your Filter Set.
  4. (Optional) Enter a description.
  5. Click Add Notification.
  6. Enter a name for your Notification.
  7. Select a schedule.
    The Notification runs a scheduled search on the schedule you select. For example, suppose you select a schedule of every hour. SBF runs a scheduled search every hour and triggers a Notification when the number or percentage of Journeys in your Filter Set meets your defined trigger conditions.
  8. Set the trigger condition for your Notification:
    1. Set the trigger condition for your notification. The notification triggers when the number or percentage of Journeys is greater than, less than, or equal to the number you enter.
    2. Enter the number, or percentage of Journeys.
  9. Select the severity.
  10. (Optional) Enter an email to receive an email Notification.
  11. Click Save.

View your Notifications

In the Notifications tab, you can view the Journeys that triggered the Notification, and the associated Filter Set and Flow.

  1. Click the bell icon to open the Notifications tab.
    The Notifications tab lists all of the triggered Notifications, the trigger time, severity, associated Filter Set and Flow, and Journey count.
    • Click the Notification name to view the set of Journeys that triggered the Notification.
    • Click the Filter Set name to view the Flow with the Filter Set applied to the Notification.
    • Click the Flow name to view the Flow associated with the Notification.

Tutorial

The following tutorial walks through how to create a Notification on your Flow. This tutorial uses data from the fictitious Buttercup Games Store. The Buttercup Games Store dataset has three data sources: web-6.txt, order.txt, and call-center.txt.

Suppose you are a business analyst at the fictitious Buttercup Games Store. When exploring your call center Flow, you notice an increase in calls placed to the Buttercup Support call center. You create a Flow with the combined results of the order, call center, and weblogs to try to determine why customers are calling support. You discover that a number of Journeys are diverted by errors and declined payments at checkout. Your manager asks you to create a Notification to determine when the percentage of unsuccessful Journeys is greater than 5%.

In this tutorial, you will apply filters to view the Journeys affected by errors, or declined purchases, and create a Notification on your Filter Set.

Create a Notification for when unsuccessful Journeys are greater than 5%

Prerequisites

  1. If you did not complete the Getting Started Tutorial, download the Game_store.zip file. Do not uncompress the file. To upload the Game Store data into the Splunk platform, see Upload the tutorial data in the Getting Started Tutorial.
  2. Create a Flow Model with the following definition. For directions on how to create a Flow Model, see Create a Flow Model.
    1. Search:

      | multisearch [search index = tutorial sourcetype = web-6] [search index = tutorial sourcetype = call_center |eval action = queue] [search index = tutorial sourcetype = order | eval action = status]

    2. Correlation IDs: agent_id, customer_id, order_id
    3. Step: action
  3. Save your Flow Model as a Flow named Notification Tutorial. For directions on how to save your Flow, see Save and manage your Flow.

Steps

  1. In SBF, click the home icon.
  2. Click Explore on the Notification Tutorial Flow.
  3. In the Filter panel, click Followed by.
  4. Select Submit.
  5. Select Eventually Followed by.
  6. Select Error and Declined.
    The Flowchart shows all Journeys that contained step Submit eventually followed by Error, or Declined.
  7. Click Unsaved Filter Set > Save in the Filter Set menu.
  8. Enter a Filter Set name.
  9. (Optional) Enter a description.
  10. Enter a Notification name.
  11. Select Run every hour for the schedule.
  12. Select Greater than 5%.
  13. Select severity High.
  14. (Optional) Type your email, for email Notifications.
  15. Click Save.

View and manage your Notification

Click the bell icon to view triggered Notifications. To edit your Notification in the associated Filter Set:

  1. In the Filter Set dropdown, click the pencil icon on the Filter Set associated with the notification you want to edit.
  2. Edit the Notification.
  3. Click Save.

Last modified on 17 December, 2019

This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-

