Docs » AutoDetect in Splunk Observability Cloud

AutoDetect in Splunk Observability Cloud πŸ”—

AutoDetect alerts and detectors are alerts and detectors that Splunk Observability Cloud automatically creates when you have supported integrations configured.

AutoDetect detectors are available for Splunk APM and Splunk Infrastructure Monitoring.

Note

AutoDetect detectors don’t count toward the maximum number of detectors you can have in your organization.

Prerequisites πŸ”—

To use AutoDetect alerts and detectors, you must first send data for integrations and instrumented services. AutoDetect detectors are also configured for some system settings of Splunk Observability Cloud.

See the following topics for more information on how to collect the required data:

Use AutoDetect alerts and detectors πŸ”—

After you’ve set up the supported integrations, AutoDetect alerts and detectors automatically appear on the Alerts page, the Detectors page, and the corresponding navigators for your integrations.

Note

By default, you are not subscribed to receive notifications from AutoDetect. To learn how to subscribe to AutoDetect notifications, see Subscribe to AutoDetect notifications.

View AutoDetect alerts and detectors πŸ”—

You can view AutoDetect detectors on the Alerts page, in a navigator for a service, or in a chart.

To view a complete list of all available AutoDetect alerts and detectors in your organization, do the following:

  1. From the Splunk Observability Cloud home page, go to the Alerts page.

  2. Select the Active Alerts or Detectors tab on the Alerts page. AutoDetect components are indicated by the Auto badge.

    This screenshot shows what an AutoDetect component looks like on the Alerts page.

To view AutoDetect alerts and detectors specific to an instrumented service or integration, do the following:

  1. From the Splunk Observability Cloud home page, go to the APM page.

  2. From the APM overview, click the active alerts for a service.

  3. Select the alert to see more details.

A panel with additional details for the alert appears, as shown in the following image. AutoDetect components are indicated by the Autodetect badge.

AutoDetector details as accessed from the APM Overview page.

If available, AutoDetect detectors are connected to a chart by default. To view AutoDetect detectors related to a chart, do the following:

  1. From the Splunk Observability Cloud home page, go to the Infrastructure page or the Dashboards page.

  2. Select the navigator or dashboard you want to view.

  3. On the navigator or dashboard page, select the bell icon on a chart to see AutoDetect detectors linked to that chart.

    A green dot indicates that there is no alert for the detector. A red dot indicates that the detector has an active alert.

    This screenshot shows where linked AutoDetect detectors are listed for a chart. In this example, there is one AutoDetect detector with a green dot, meaning there is no active alert.

Subscribe to AutoDetect notifications πŸ”—

The procedures for subscribing to AutoDetect alerts and detectors are the same as those for interacting with other alerts and detectors.

To learn how to subscribe to a detector or alert for notifications, see Manage notification subscribers.

Copy and customize an AutoDetect detector πŸ”—

When you customize an AutoDetect detector, Splunk Observability Cloud creates a copy of the original detector for you to apply the customizations.

  • Any changes you make to the customized detector don’t apply to the original AutoDetect detector.

  • Customized detectors created from AutoDetect detectors count toward the maximum numbers of detectors your organization can have. To learn more about detectors limit, see Maximum number of detectors per organization.

  • The default limit for customized detectors per AutoDetect detector is 15. If you want to increase this limit, contact support for help.

To customize a copy of an AutoDetect detector, do the following:

  1. Log in to Observability Cloud.

  2. In the left navigation menu, select Alerts.

  3. Select the Detectors tab on the Alerts page.

  4. In the search field, enter the name of the detector you want to customize.

    For example, to search for the K8s Node Memory Utilization is high detector, start by typing K8s Node. The result lists update automatically as you type.

    This screenshot shows what an searching for an AutoDetect looks like on the Alerts page.
  5. Select the detector you want to customize to open it.

  6. Select Create a Customized Version.

    This screenshot shows the position of the Create a Customized Version button.
  7. Make customizations you want to the detector. For the full list of customizable arguments for each AutoDetect detector, see List of available AutoDetect detectors.

  8. Rename your customized detector to distinguish it from the original detector and any other copy.

  9. Select Activate.

Customized detectors created from AutoDetect detectors are indicated by the Custom badge.

This screenshot shows a customized detector indicated by the Custom badge.

Mute AutoDetect alerts and detectors πŸ”—

The procedures for muting AutoDetect alerts and detectors are the same as those for interacting with other alerts and detectors.

To learn how to create muting rules for alerts and detectors, see Mute alert notifications.

Disable AutoDetect detectors πŸ”—

To disable an AutoDetect detector, do the following:

  1. Log in to Observability Cloud.

  2. In the left navigation menu, select Alerts.

  3. Select the Detectors tab on the Alerts page.

  4. In the search field, enter the name of the detector you want to disable.

    For example, to search for the K8s Node Memory Utilization is high detector, start by typing K8s Node. The result lists update automatically as you type.

    This screenshot shows what an searching for an AutoDetect looks like on the Alerts page.
  5. Select the detector you want to disable to open it.

  6. Select Disable Detector.

    This screenshot shows the position of the Disable Detector button.

After you disable a detector, you can no longer edit it. You need to reenable a disabled detector before making new updates.