Monitor recurring situations
If you've read the preceding chapters, you have a pretty good idea of how to use Splunk's powerful search capabilities to learn all kinds of things about the event data in your system. But this doesn't help you with the myriad recurring situations that everyone in IT faces on a regular basis. You can't be running searches yourself all of the time.
This is why we've designed Splunk to be the most flexible monitoring tool in your arsenal. Every search you design can be set up to run automatically on a regular schedule. And any scheduled or real-time search can be configured to send alert messages to you and other interested parties when specific conditions are met. You can base these alerts on a wide range of threshold- and trend-based scenarios, including empty shopping carts, brute-force firewall attacks, and server system errors.
In this chapter you'll find:
- A nuts-and-bolts explanation of alert creation, for both scheduled and real-time searches.
- A variety of alert use case examples.
- A guide to the Alert Manager, which enables you to manage recently triggered alerts.
- Instructions for setting up scheduled searches--searches that run on a regular interval and trigger an alert action (such as sending an email with the search results) each time they run. Scheduled searches are also used for summary indexing.
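As an added illustration (not part of the Splunk documentation), the following savedsearches.conf stanza shows what one of the scheduled, threshold-based alerts described above looks like when written out, using the brute-force firewall case. The key names are those of savedsearches.conf; the index name, the field names, the threshold and the e-mail address are assumptions about the local data and should be adjusted to your own sourcetype.

```ini
# Added example: a scheduled alert for repeated blocked connections from a
# single source. The index "firewall" and the fields "action" and "src_ip"
# are assumptions about the local data; adjust them to your own sourcetype.
[Firewall brute force - blocked attempts per source]
# Count blocked attempts per source over the lookback window and keep only
# the sources above the (assumed) threshold of 100 attempts.
search = index=firewall action=blocked | stats count AS attempts BY src_ip | where attempts > 100 | sort - attempts

# Run every 15 minutes over the previous 15 minutes of data.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Trigger when the search returns any rows, i.e. at least one source
# exceeded the threshold applied in the search itself.
counttype = number of events
relation = greater than
quantity = 0

# Alert actions: record the firing in the Alert Manager and e-mail the
# results to the on-call mailbox (address is a placeholder).
alert.track = 1
alert.severity = 4
action.email = 1
action.email.to = secops@example.com
action.email.subject = Splunk Alert: $name$ fired
action.email.sendresults = 1

# Throttle: do not re-notify for the same condition more than once an hour.
alert.suppress = 1
alert.suppress.period = 60m
```

The same stanza can be produced through the Create Alert dialog in Splunk Web; editing the .conf file directly is simply the form that shows every setting at once.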
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7