AutoDetect in Splunk Observability Cloud

AutoDetect alerts and detectors are read-only alerts and detectors that Splunk Observability Cloud automatically creates when you have supported integrations configured.

AutoDetect detectors don’t count toward the maximum number of detectors you can have in your organization.

Prerequisites

To use AutoDetect alerts and detectors, you must first connect and send in data for supported integrations. Supported integrations include Amazon Relational Database (Amazon RDS), Kafka, and Kubernetes. AutoDetect detectors are also configured for some system settings of Splunk Observability Cloud.

See the following topics for more information on how to set up each integration:

Use AutoDetect alerts and detectors

Once you set up the supported integrations, AutoDetect alerts and detectors automatically appear on the Alerts page, the Detectors page, and the corresponding navigators for your integrations.

Note

By default, you are not subscribed to receive notifications from AutoDetect. To learn how to subscribe to AutoDetect notifications, see Subscribe to AutoDetect notifications.

View AutoDetect alerts and detectors

To view a complete list of all available AutoDetect alerts and detectors in your organization, do the following:

  1. From the Splunk Observability Cloud home page, go to the Alerts page.

  2. Select the Active Alerts or Detectors tab on the Alerts page. AutoDetect components are indicated by the Auto badge.

    This screenshot shows what an AutoDetect component looks like on the Alerts page.

To view AutoDetect alerts and detectors specific to an integration, do the following:

  1. From the Splunk Observability Cloud home page, go to the Infrastructure page.

  2. Click the navigator for the integration you want to view.

  3. On the navigator page, click Alerts or Active Detectors in the Filter bar.

    A sidebar with all alerts related to the content on the page appears, as shown in the following image. AutoDetect components are indicated by the Auto badge.

    This screenshot shows what an AutoDetect component looks like in the Alerts sidebar for a navigator.

Note

In either view, if there is no component with the Auto badge, then you don’t have any integration supported by AutoDetect.

Subscribe to AutoDetect notifications

The procedures for subscribing to AutoDetect alerts and detectors are the same as those for interacting with other alerts and detectors.

To learn how to subscribe to a detector or alert for notifications, see Manage notification subscribers.

Copy and customize an AutoDetect detector

When you customize an AutoDetect detector, Splunk Observability Cloud creates a copy of the original detector for you to apply the customizations.

  • Any changes you make to the customized detector don’t apply to the original AutoDetect detector.

  • Customized detectors created from AutoDetect detectors count toward the maximum number of detectors your organization can have. To learn more about the detector limit, see Maximum number of detectors per organization.

  • The default limit for customized detectors per AutoDetect detector is 15. If you want to increase this limit, contact support for help.

To customize a copy of an AutoDetect detector, do the following:

  1. From the Splunk Observability Cloud home page, go to the Alerts page.

  2. Select the Detectors tab on the Alerts page.

  3. In the search field, enter the name of the detector you want to customize.

    For example, to search for the K8s Node Memory Utilization is high detector, start by typing K8s Node. The results list updates automatically as you type.

    This screenshot shows what searching for an AutoDetect detector looks like on the Alerts page.

  4. Click the detector you want to customize to open it.

  5. Click Create a Customized Version.

    This screenshot shows the position of the Create a Customized Version button.

  6. Make the customizations you want to the detector. For the full list of customizable arguments for each AutoDetect detector, see List of available AutoDetect detectors.

  7. Rename your customized detector to distinguish it from the original detector and any other copy.

  8. Click Activate.

Customized detectors created from AutoDetect detectors are indicated by the Custom badge.

This screenshot shows a customized detector indicated by the Custom badge.

Mute AutoDetect alerts and detectors

The procedures for muting AutoDetect alerts and detectors are the same as those for interacting with other alerts and detectors.

To learn how to create muting rules for alerts and detectors, see Mute alert notifications.

Disable AutoDetect detectors

To disable an AutoDetect detector, do the following:

  1. From the Splunk Observability Cloud home page, go to the Alerts page.

  2. Select the Detectors tab on the Alerts page.

  3. In the search field, enter the name of the detector you want to disable.

    For example, to search for the K8s Node Memory Utilization is high detector, start by typing K8s Node. The results list updates automatically as you type.

    This screenshot shows what searching for an AutoDetect detector looks like on the Alerts page.

  4. Click the detector you want to disable to open it.

  5. Click Disable Detector.

    This screenshot shows the position of the Disable Detector button.

Once you disable a detector, you can no longer edit it. You need to re-enable a disabled detector before making new updates.