Use the Alerts panel
CMC provides preconfigured platform alerts for missing forwarders and skipped searches that you can enable. You can also create custom platform alerts using the global Searches, Reports, and Alerts page accessible through the CMC Alerts functionality.
When a CMC platform alert is triggered, Splunk Cloud administrators receive a message in Messages, which is available in the top Splunk Cloud bar. Splunk Cloud administrators can also review alerts on the Triggered Alerts page of the CMC app and the Alerts count column on the Searches, Reports, and Alerts page.
You must be on at least app version 2.1.1 to use the CMC platform alerts functionality. To check the app version, click Support & Services > About. The CURRENT APPLICATION area at the bottom of the About page shows the app's version and build numbers.
Review triggered alerts
To view triggered alerts:
- In the CMC navigation bar, click Alerts > Triggered Alerts.
- The page displays the name of any triggered alert and a timestamp of when it was triggered.
When either preconfigured alert is triggered, CMC displays an alert with a Medium severity level on the Triggered Alerts page.
The table describes the situations that trigger a preconfigured alert and the CMC dashboards to review to take further action.
|SIM Alerts - Missing Forwarders||Runs every 15 minutes and is triggered if there are any forwarders with a status of Missing.||See the Forwarders: Deployment dashboard, especially the Missing Forwarder Alerts and Status and Configuration - As of <current_timestamp> panels.|
|SIM Alerts - Skipped Searches||Runs every 60 minutes and is triggered if the number of skipped searches exceeds 20%.||See the Skipped Scheduled Searches dashboard.|
Review preconfigured alerts
In the CMC navigation bar, click Alerts > Configured Alerts. The table displays the preconfigured CMC alerts, SIM Alerts - Missing Forwarders and SIM Alerts - Skipped Searches, and any custom alerts that you or another Splunk Cloud administrator configured for your organization's deployment. Last Updated shows when an alert was edited.
Click the Enabled toggle to enable or disable an alert.
Click Edit to access the Searches, Reports, and Alerts page. You can view detailed information about an alert and perform specific actions, such as reviewing the alert definition and running the alert.
Do not edit the preconfigured alerts.
Manage CMC Alerts on the Searches, Reports, and Alerts page
To manage CMC platform alerts on the Searches, Reports, and Alerts page, follow these steps:
- Access this page through one of the following methods:
- Click the Edit link adjacent to an alert on the Alerts > Configured Alerts page in the CMC app.
- In the Splunk Cloud bar at the top of the page, click Settings. In the KNOWLEDGE section, click Searches, reports, and alerts.
Create custom alerts
You can also create custom platform alerts using the Searches, Reports, and Alerts page. You can access this page through one of the two methods noted in step one of Manage CMC Alerts on the Searches, reports, and alerts page. Click the New Alert button to define an alert and the corresponding action (for example, send an email to the email account in a Splunk Cloud administrator's profile) to be performed when the alert is triggered.
For more information, see the following:
- Set up alert actions in the Alerting Manual
- The global Alert Actions page. To access this page, in the Splunk Cloud bar at the top of the page, click Settings. In the KNOWLEDGE section, click Alert actions.
Use the Overview dashboard
Use the Indexing dashboards
This documentation applies to the following versions of Splunk Cloud™: 7.2.9, 7.2.10, 8.0.2006, 8.0.2007, 8.1.2008, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104