Add context to metrics using events đź”—
An event, or event time series (ETS), is a specific occurrence that can be represented in Splunk Observability Cloud outside of the flow of streaming metrics. Events provide context to metric data.
Events are very basic. You can’t apply analytic functions to events, but you can plot them based on their metadata.
Create events đź”—
In Splunk Observability Cloud, you can create events in several ways.
Events are created whenever a detector triggers an alert. A second event is created when the alert clears, is manually resolved, or is stopped due to the detector being edited or deleted.
A SessionLog event is created when a user logs into or out of your organization. The SessionLog event notes the action, either “session created” or “session deleted”, and the ID of the user who created the session.
A custom event is created when you capture and send an event to Splunk Observability Cloud. For example, you might send a custom “code push” event each time your development team deploys new code, so that you can correlate it with the resource consumption profiles of your infrastructure before and after the event.
Event types đź”—
Each event is an instance of an event type. An event type is a reusable event name that groups together events that you want to show as a stream or series, such as code pushes.
By reusing event types, you can add an event type to a chart, then view all events that occurred for that event type. You can also create custom events to record specific actions.
View events đź”—
You can add any of the event types described in Create events to a chart (see View events on a chart) or to an event feed chart on a dashboard.
The events list in the sidebar indicates the severity of each event and whether it was a trigger event (solid triangle) or clear event (hollow triangle). The sidebar also indicates if an event was a custom event (hollow diamond).
When you hover over an event in the Event Feed sidebar, a vertical line is shown in all the charts at the time the event occurred. The event line makes it easy for you to visualize correlations between metric values and the event.
When you click an event in the Event Feed sidebar, you can see details about the event and, for events associated with alerts, an option to open the detector that generated the event. If the event is associated with a currently active alert, you’ll also see an option to resolve the alert.
Note
You can also overlay event markers onto charts on a dashboard.
Create custom events đź”—
Custom events are usually generated through an integration with another service, or through the REST API, and are sent to Splunk Observability Cloud when specific events happen outside Observability Cloud. Read more on custom events in our developer portal.
You can also create custom events manually, which you can display on charts alongside other events. To create custom events, select New event in the Events sidebar or add custom events while using the Chart Builder. To learn more, see Manually add custom events.
Custom events are retained in the platform for a year.
Create a new event from the sidebar đź”—
In the Create Event dialog box, start typing to see a list of event types to choose from. You can also create a new event type by clicking the tooltip.
Enter the time and describe the event. You can use Markdown as well as plain text in the description. To save the new custom event and the event type (if you’ve created one) click Create.
Delete custom events đź”—
You can only delete custom events. Events generated by detectors can’t be deleted.
To delete custom events:
Locate and open the custom event:
In the Event Feed sidebar, available from within any dashboard, click on a custom event.
When viewing or editing an event feed, click on a custom event.
Click Mark For Deletion to delete the event.
Note
Events might not be deleted immediately.