Set up anomaly alerts for Splunk Edge Hub OS
The Splunk OT Intelligence comes with sample alerts that notify you when an anomaly occurs with your Splunk Edge Hub metrics. These alerts are deactivated by default.
These alerts are based on saved searches that use the default indexes you created during the setup process. They return results based on anomaly metrics reported.
Prerequisites
Before turning on anomaly detection alerts, complete the following:
- Complete the steps at Installation and configuration overview for Splunk Edge Hub OS.
- Complete the steps at Turn on anomaly detection.
- Update the upload rates according to your desired metrics. Keep in mind the frequency, trigger conditions and actions, and target users and roles that best suit your monitoring scenarios.
To configure trigger actions, see Set up alert actions in the Splunk Enterprise Alerting Manual.
Turn on anomaly alerts
You can find the alerts in Settings then Searches, Reports and Alerts by filtering the App by Splunk OT Intelligence (splunk-app-ar) and setting Owner to Nobody.
Once enabled, the alerts run every 1 minute and capture the occurrences from the last 30 seconds. The trigger conditions are configured with a throttle setting that limits the notifications to fire every 3 minutes.