Built-in alert conditions
When you create rules in detectors to specify conditions that trigger alerts, Splunk Infrastructure Monitoring provides a number of built-in conditions that detect common problem scenarios. Many of these alert conditions provide more powerful ways of monitoring signals than the standard practice of comparing a signal to a static threshold.
The following table summarizes the available built-in alert conditions. To learn more about each condition, select the name of the condition.
| Condition | Description | Example |
|---|---|---|
| | Alert when a signal crosses a static threshold | Availability over the last day is below 99.9. |
| | Alert when a signal has stopped reporting for some time | |
| | Detect when a signal is projected to reach a specified minimum or maximum value | |
| | Alert when the signal from one data source differs from similar data sources | The number of logins in the last 10 minutes for this instance is 3 standard deviations lower than other instances in the same AWS availability zone. |
| | Alert when a signal is different from its normal behavior (based on mean of preceding window or percentile of preceding window) | All the values for |
| | Alert when a signal differs by a specified amount when compared to similar periods in the past | The average number of logins in the last 2 hours is 3 standard deviations higher than the average for this same 2 hours last week. |
| | Alert when a signal crosses another signal, or when you want to specify compound conditions using AND and OR operators. | The value for |
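To make the contrast between a static threshold and the peer-comparison condition in the table concrete, the following added example (an illustration, not Splunk's implementation and not SignalFlow) evaluates both against constructed login counts. The instance names, the sample values, the static minimum of 100, and the `min_sigma` floor are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: logins in the last 10 minutes per instance in one
# availability zone. Instance names are hypothetical.
BUSY_HOUR = {"web-1": 480, "web-2": 510, "web-3": 495, "web-4": 505, "web-5": 210}
QUIET_HOUR = {"web-1": 62, "web-2": 58, "web-3": 65, "web-4": 60, "web-5": 61}


def below_static_threshold(counts, minimum):
    """Static threshold: every instance whose count is below a fixed minimum."""
    return sorted(name for name, value in counts.items() if value < minimum)


def low_outliers(counts, n_sigma=3.0, exclude_self=True, min_sigma=1.0):
    """Instances more than n_sigma standard deviations below their peers.

    exclude_self=True builds the baseline from the other instances only.
    Including the instance under test lets one extreme value inflate the
    deviation: with a population deviation over n members, no score can
    exceed sqrt(n - 1), so a 3-sigma rule can never fire for n <= 10.
    min_sigma is an assumed floor that keeps near-identical peers from
    turning ordinary noise into an alert.
    """
    flagged = []
    for name, value in counts.items():
        baseline = [v for other, v in counts.items()
                    if other != name or not exclude_self]
        if len(baseline) < 2:
            continue  # too few peers to estimate a spread
        sigma = max(pstdev(baseline), min_sigma)
        if (mean(baseline) - value) / sigma > n_sigma:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    for label, counts in (("busy", BUSY_HOUR), ("quiet", QUIET_HOUR)):
        print(label, "static<100:", below_static_threshold(counts, 100),
              "peer outliers:", low_outliers(counts))
    print("self included:", low_outliers(BUSY_HOUR, exclude_self=False))
```

On the busy-hour data the static threshold stays silent while the peer comparison isolates the one instance that lost more than half its logins; on the quiet-hour data the static threshold fires for every instance and the peer comparison fires for none.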