Docs » Ingest alerts in Splunk Incident Intelligence

Ingest alerts in Splunk Incident Intelligence 🔗

The following options are available for ingesting alerts in Incident Intelligence:

  1. Create a detector for one of the available alert sources in Splunk Observability Cloud to automatically pass alerts. See Available alert sources in Splunk Observability Cloud.
  2. Use the Splunk Incident Intelligence app on Splunkbase to send Splunk Enterprise and Splunk Cloud Platform alerts. See Available alert sources in Splunk Enterprise and Splunk Cloud Platform.
  3. Ingest third-party alerts using an ingest endpoint. See Available ingest endpoints for third-party alerts.

After alerts have been ingested, you can view them on the Alerts tab of Incident Intelligence.

<embed>

<h2 id=”ii-ingest-observability-alerts”>Available alert sources in Splunk Observability Cloud</h2> </embed>

Alert source

Documentation

Splunk APM

See Create detectors to trigger alerts.

Splunk Infrastructure Monitoring

See Create detectors to trigger alerts.

Splunk RUM

See Create a detector.

Splunk Synthetic Monitoring

Available alert sources in Splunk Enterprise and Splunk Cloud Platform

Alert source

Documentation

Splunk Enterprise

See Ingest alerts from Splunk Enterprise and Splunk Cloud Platform.

Splunk Cloud Platform

See Ingest alerts from Splunk Enterprise and Splunk Cloud Platform.

Available ingest endpoints for third-party alerts

Ingest endpoint

Documentation

Amazon CloudWatch

See Ingest Amazon CloudWatch alarms.

Azure Monitor

See Ingest Azure Monitor alerts.

Prometheus

See Ingest Prometheus alerts.

Generic REST alerts

See Ingest generic REST alerts.

Next step

If you are setting up Incident Intelligence for the first time, next you need to create and configure an incident policy. See Create and configure incident policies.