List of available AutoDetect detectors

Reference of available AutoDetect detectors and their customizable arguments.

The following sections provide a reference for AutoDetect detectors and their customizable settings. To learn more about the SignalFlow functions underlying these detectors, see the SignalFlow library on GitHub. To learn how to customize an AutoDetect detector, see Copy and customize AutoDetect alerts and detectors.

Splunk APM - Request, error, duration (RED) detectors

The RED detectors have built-in seasonality-aware logic that automatically adapts to your application's unique traffic patterns to eliminate manual configuration and reduce alert noise​. Seasonaity-aware means that these detectors:

  • Understand normal daily and weekly patterns
  • Alert only on meaningful change, not minor wiggles
  • Alert only on persistent, sustained changes

Error rate increased

Description

Alerts when error rate increases, compared to historical error rates. The alert fires when the current error rate remains above the headroom-scaled maximum of the 80th percentile of the error rate over the last 12 hours, the same time yesterday (2-hour window), or the same time a week ago (2-hour window), subject to a minimum heuristic floor.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument Description Default value
Minimum alert threshold The detector does not trigger an alert when the error rate is below this value, in errors per second. 30 eps
Sensitivity A unitless slider with values from 0.0 to 1.0. Use this to control the volume of alerts you receive. Lower values generate fewer alerts. 0.5
Filters Specifies dimensional scope of the detector. None

Latency degradation

Description

Alerts when latency degrades, compared to historical latency. The alert fires when the current P90 latency remains above the headroom-scaled maximum of the 80th percentile of the P90 latency over the last 12 hours, the same time yesterday (2-hour window), or the same time a week ago (2-hour window), subject to a minimum heuristic floor.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument Description Default value
Minimum alert threshold The detector does not trigger an alert when the P90 latency is below this value, in milliseconds. 500 ms
Sensitivity A unitless slider with values from 0.0 to 1.0. Use this to control the volume of alerts you receive. Lower values generate fewer alerts. 0.8
Filters Specifies dimensional scope of the detector. None

Request rate dropped

Description

Alerts when request rate drops, compared to historical request rates. The alert fires when the current request rate remains below the sensitivity-scaled minimum of the 5th percentile of the request rate over the last 2 hours, the same time yesterday (2-hour window), or the same time a week ago (2-hour window); fires only if the current request volume is above a heuristic floor.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument Description Default value
Minimum alert threshold The detector does not trigger an alert when the request rate is below this value, in requests per second. 30 rps
Sensitivity A unitless slider with values from 0.0 to 1.0. Use this to control the volume of alerts you receive. Lower values generate fewer alerts. 0.7
Filters Specifies dimensional scope of the detector. None

Service latency

Description

Alerts when there is a sudden change in service latency. By default, the alert fires when the latency in the last ten minutes (current window) exceeds the baseline of the preceding hour (historical window) by more than 5 deviations. The alert clears when the latency goes back to less than 4 deviations above the norm.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Current window

Time window to test for anomalous values, in minutes.

10m

Historical window

Time window to use for historical normal values, in hours.

1h

Trigger threshold

Triggers the alert when the current value is greater than the specified number of deviations above historical data.

5

Clear growth threshold

Clear the alert when the current value is less than the specified number of deviations above historical data.

4

Minimum request per second (% of history)

Minimum request rate, as a percentage of historical request rate, required in the current window to trigger the alert. This prevents alerts for sparse data.

20

Filters

Dimensions you want to add to the detector.

None

Service error rate

Description

Alerts when a sudden change in service error rate occurs. By default, the alert fires when the error rate in the last ten minutes (current window) exceeds the baseline of the preceding hour (historical window) by more than 100%. The alert clears when the error rate goes back to less than 80% above the norm.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Current window

Time window to test for anomalous values, in minutes.

10m

Historical window

Time window to use for historical normal values, in hours.

1h

Trigger threshold

Triggers the alert when the current value is greater than the specified percentage above historical data.

100

Clear threshold

Clear the alert when the current value is less than the specified percentage above historical data.

80

Minimum request volume

Minimum number of requests in the current window. This prevents alerts for sparse data.

10

Filters

Dimensions you want to add to the detector.

None

Service request rate

Description

Alerts when a sudden change in request rate occurs. By default, the alert fires when the request rate in the last ten minutes (current window) exceeds the baseline of the preceding hour (historical window) by more than 3 deviations. The alert clears when the request rate goes back to less than 2.5 deviations above the norm.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Current window

Time window to test for anomalous values, in minutes.

10m

Historical window

Time window to use for historical normal values, in hours.

1h

Trigger threshold

Triggers the alert when the current value is greater than the specified number of deviations above historical data.

3.0

Clear growth threshold

Clear the alert when the current value is less than the specified number of deviations above historical data.

2.5

Filters

Dimensions you want to add to the detector.

None

Splunk IM - AWS detectors

AWS/RDS free disk space is going to run out

Description

Alerts when RDS free disk space is expected to run out in the next 48 hours.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for space running out (in hours)

48

Sensitivity

Sensitivity of the alerting

80% of 10m

Clear threshold

Clear threshold for space running out (in hours)

96

Filters

Dimensions you want to add to the detector

None

AWS ALB: Sudden change in HTTP 5xx server errors

Description

Alerts when there is a sudden change in the number of HTTP 5xx server error codes that originate from the load balancer. By default, the alert fires when the change in HTTP 5xx server error count in the last ten minutes (current window) exceeds the baseline of the preceding hour (historical window) by more than 3.5 deviations.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Current window

Time window to test for anomalous values (in minutes)

10m

Historical window

Time window to use for historical normal values (in hours)

1h

Trigger threshold

Triggers the alert when the current value is greater than the specified number of deviations above historical data.

3.5

Filters

Dimensions you want to add to the detector.

None

AWS EC2 - Disk utilization expected to reach the limit

Description

Alerts when AWS EC2 disk utilization is above its designated threshold.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Specifies trigger threshold in % for disk utilization

80%

Trigger sensitivity

Sensitivity for alerting associated with the trigger threshold

80% of 10m

Clear threshold

Specifies clear threshold in % for the CPU utilization

80%

Clear sensitivity

Specifies clear sensitivity associated with clear threshold

80% of 10m

Filter

Specifies dimensional scope of the detector

None

AWS Route 53: Health checkers’ connection time took over 9 seconds

Description

Alerts when Amazon Route 53 health checkers’ connection time took more than 9 seconds for the past 2 minutes.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for long connection time (in milliseconds)

9000

Sensitivity

Sensitivity of the alerting

100% of 2m

Clear threshold

Clear threshold for long connection time (in milliseconds)

8000

Clear sensitivity

Clear sensitivity of the alerting

100% of 2m

Filters

Dimensions you want to add to the detector

None

AWS Route 53: Unhealthy status of health check endpoint

Description

Alerts when the status of Amazon Route 53 health check endpoint is unhealthy. By default, the alert fires when the health check endpoint has been unhealthy for 80% of the past 10 minutes. The alert clears when the health check endpoint has been healthy for 80% of the past 10 minutes.

SignalFlow function

See the function in SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Sensitivity

Sensitivity of the alerting

80% of 10m

Clear sensitivity

Clear sensitivity of the alerting

80% of 10m

Filters

Dimensions you want to add to the detector

None

Splunk IM - Azure detectors

Azure - CPU utilization expected to reach the limit

Description

Alerts when Azure CPU utilization of the elastic pool is above its designated threshold.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Specifies trigger threshold in % for CPU utilization

80%

Trigger sensitivity

Sensitivity for alerting associated with the trigger threshold

80% of 10m

Clear threshold

Specifies clear threshold in % for the CPU utilization

80%

Clear sensitivity

Specifies clear sensitivity associated with clear threshold

80% of 10m

Filter

Specifies dimensional scope of the detector

None

Azure - eDTU utilization expected to reach the limit

Description

Alerts when eDTU (elastic Data Transaction Unit) utilization is above its designated threshold.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Specifies trigger threshold in % for the eDTU utilization

80%

Trigger sensitivity

Specifies sensitivity associated with the trigger threshold

80% of 10m

Clear threshold

Specifies clear threshold in % for the eDTU utilization

80%

Clear sensitivity

Specifies sensitivity associated with the clear threshold

80% of 10m

Filter

Specifies dimensional scope of the detector

None

Azure - Storage utilization expected to reach the limit

Description

Detects when storage utilization of elastic pool is above its desginated threshold.

SignalFlow function

See the function in the SignalFlow library repository on GitHub.

Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Specifies trigger threshold in % for the storage utilization

80%

Trigger sensitivity

Specifies sensitivity associated with the trigger threshold

80% of 10m

Clear threshold

Specifies clear threshold in % for the storage utilization

80%

Clear sensitivity

Specifies sensitivity associated with the clear threshold

80% of 10m

filter

Specifies dimensional scope of the detector

None

Splunk IM - Kafka detectors

Kafka - Partition is under-replicated

Description
Alerts when at least one Kafka partition is under replicated for at least 5 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for number of under replicated partitions

0

Sensitivity

Sensitivity of the alerting

100% of 5m

Filters

Dimensions you want to add to the detector

None

Kafka - No Active Controller

Description
Alerts when there is no active controller in a cluster.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Filters

Dimensions you want to add to the detector

None

Kafka - Offline partitions on a broker

Description
Alerts when there is no active leader for a partition, and the partition cannot be read from or written to.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for number of offline partitions

0

Filters

Dimensions you want to add to the detector

None

Kafka - Consumer Group lag

Description
Alerts when a consumer group has been lagging behind the latest offset by 100 for 2 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for the consumer group lag

100

Sensitivity

Sensitivity of the alerting

100% of 2m

Clear threshold

Clear threshold for the consumer group lag

100

Clear sensitivity

Clear sensitivity of the alerting

100% of 5m

Filters

Dimensions you want to add to the detector

None

Splunk IM - Kubernetes detectors

K8s cluster DaemonSet ready vs scheduled

Description
Alerts when number of ready and scheduled DaemonSets have diverged.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for difference between the number of ready and scheduled DaemonSets

0

Sensitivity

Sensitivity of the alerting

95% of 5m

Filters

Dimensions you want to add to the detector

None

K8s cluster deployment is not at spec

Description
Alerts when the numbers of ready and available pods in cluster deployments have diverged.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for difference between the number of ready and available pods in the deployment

0

Sensitivity

Sensitivity of the alerting

80% of 5m

Filters

Dimensions you want to add to the detector

None

K8s container restart count is > 0

Description
Alerts when container restart count in the last 5 minutes is greater than 0.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Filters

Dimensions you want to add to the detector

None

K8s node memory utilization is high

Description
Alerts when a Kubernetes node has been using more than 90% memory for 5 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for percentage of node memory utilization

90

Sensitivity

Sensitivity of the alerting

100% of 5m

Filters

Dimensions you want to add to the detector

None

K8s nodes are not ready

Description
Alerts when Kubernetes nodes are not in a ready state after 30 seconds.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Sensitivity

Sensitivity of the alerting

100% of 30s

Filters

Dimensions you want to add to the detector

None

K8s node cpu > 95% for 5 min

Description
Alerts when Kubernetes node CPU utilization is greater than 95% for at least 5 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for percentage of node CPU utilization

95%

Trigger sensitivity

Sensitivity of the alerting associated with the threshold

100% of 5m

Filters

Dimensions you want to add to the detector

None

K8s job with pod failed (%) > 90

Description
Alerts when a Kubernetes job's failed pod count is greater than 90% in the last 5 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for percentage of failed pods in a Kubernetes job

90%

Trigger sensitivity

Sensitivity of the alerting associated with the threshold

80% of 5m

Filters

Dimensions you want to add to the detector

None

K8s pod phase pending/failed within 5 min

Description
Alerts when a Kubernetes pod phase is reported as pending or failed in the last 5 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger sensitivity

Sensitivity of the alerting associated with the threshold

100% of 5m

Filters

Dimensions you want to add to the detector

None

K8s StatefulSet is not at spec

Description
Alerts when the numbers of current and desired pods in a Kubernetes StatefulSet have diverged in the last 5 minutes.
SignalFlow function
See the function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for desired minus current pods

0

Trigger sensitivity

Sensitivity of the alerting associated with the threshold

95% of 5m

Filters

Dimensions you want to add to the detector

None

Splunk IM - Oracle detectors

Oracle - Process utilization expected to reach the limit

Description
Alerts when Oracle process utilization is above its designated threshold.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Specifies trigger threshold in % for the process utilization

90%

Trigger sensitivity

Sensitivity for alerting associated with the threshold

80% of 5m

Clear threshold

Specifies clear threshold in % for the process utilization

< 90%

Clear sensitivity

Specifies clear sensitivity associated with clear threshold

80% of 5m

filter

Dimensions you want to add to the scope of the detector, if any

None

Oracle - Session utilization expected to reach the limit

Description
Alerts when Oracle session utilization is above its designated threshold.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Sets threshold fire_threshold for CPU usage percentage

90%

Trigger sensitivity

Sensitivity for alerting

80% of 5m

Clear threshold

Sets value for when to clear alerts for CPU usage percentage

90%

Clear sensitivity

Sensitivity for clearing alerts

80% of 5m

filter

Dimensions you want to add to the scope of the detector, if any

None

Oracle - Sudden change in hard parses count

Description
Alerts when the number of hard parses suddenly increases.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger deviation

Expressed in standard deviations from baseline

4.5

Evaluation window

The time range being monitored

20m

Historical window

The time range used to define the recent trend

3h

filter

Dimensions you want to add to the scope of the detector, if any

None

Splunk IM - Redis detectors

Redis Server - CPU continuously near limit

Description
Alerts when Redis CPU usage exceeds the threshold for 80% of the last 10 minutes. The alert clears when Redis CPU usage drops below the clear threshold for 100% of the last 10 minutes.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for CPU usage percentage

90

Sensitivity

Sensitivity for alerting

80% of 10m

Clear threshold

Threshold to clear alerts for CPU usage percentage

80

Clear sensitivity

Sensitivity for clearing alerts

100% of 10m

Filters

Dimensions you want to add to the detector

None

Splunk operational - APM detectors

Splunk operational detectors let you know when you reach certain limits within your Splunk Observability Cloud products.

Splunk operational detectors let you know when you reach certain limits within your Splunk Observability Cloud products.

Splunk operational - APM profiling messages are throttled

Description
Generates an alert when the number of profiling messages that are dropped due to throttling is above the specified threshold.
SignalFlow function
See the APM operational.flow function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for APM profiling messages throttled

0

Sensitivity

Sensitivity for alerting

80% of 5m

Clear sensitivity

Sensitivity for clearing alerts

100% of 5m

Default severity

The default alert severity

Critical

Splunk operational - APM spans are throttled

Description
Generates an alert when the number of spans that are dropped due to throttling is above the specified threshold.
SignalFlow function
See the operational.flow function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for APM spans throttled

0

Sensitivity

Sensitivity for alerting

80% of 5m

Clear sensitivity

Sensitivity for clearing alerts

100% of 5m

Default severity

The default alert severity

Critical

Splunk operational - APM spans are blocked

Description
Generates an alert when the number of blocked spans is above the specified threshold.
SignalFlow function
See the operational.flow function in SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for APM spans blocked

0

Sensitivity

Sensitivity for alerting

80% of 5m

Clear sensitivity

Sensitivity for clearing alerts

100% of 5m

Default severity

The default alert severity

Info

Splunk operational - Detector-related detectors

Splunk operational - Detectors aborted

Description
Alerts when at least one detector has been aborted for the last 5 hours.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for number of aborted detectors

0

Over period

Period of time to compute the number of aborted detectors

5h

Filters

Dimensions you want to add to the detector

None

Splunk operational - Detectors with quality issues

Description
Alerts when the number of detectors with quality issues is above the threshold. A quality issue can be any of the following:
  • Detector is using archived metrics
  • Detector has exceeded MTS limit
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for number of detectors with quality issues

0

Sensitivity

Sensitivity of the alerting

80% of 5m

Filters

Dimensions you want to add to the detector

None

Splunk operational - The number of detectors is expected to reach the limit

Description
Alerts when number of detectors about to reach the organization system limit. This limit includes customized detectors created from AutoDetect detectors.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Percentage system limit reached for maximum number of detectors in an organization

90

Sensitivity

Sensitivity of the alerting

100% of 3h

Splunk operational - Infrastructure Monitoring detectors

Splunk operational - Container usage is expected to reach the limit

Description
Alerts when the container usage percentage is higher than the system limit threshold.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for containers usage percentage

95

Sensitivity

Sensitivity for alerting

100% of 30m

Clear threshold

Threshold to clear alerts for containers usage percentage

90

Clear sensitivity

Sensitivity for clearing alerts

100% of 30m

Show containers

Option to show number of containers instead of percentage

No

Splunk operational - Datapoints are throttled

Description
Alerts when the number of throttled data points is higher than the system limit threshold.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for the number of throttled datapoints

10

Sensitivity

Sensitivity for alerting

80% of 5m

Clear sensitivity

Sensitivity for clearing alerts

80% of 5m

Splunk operational - Host usage percentage is expected to reach the limit

Description
Alerts when the host usage percentage is higher than the system limit threshold.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for the host usage percentage

95

Sensitivity

Sensitivity for alerting

100% of 30m

Clear threshold

Threshold to clear alerts for host usage percentage

90

Clear sensitivity

Sensitivity for clearing alerts

100% of 30m

Show custom metric time series

Option to show number of hosts instead of percentage

No

Splunk operational - Active metric time series (MTS) is expected to reach the limit

Description
Alerts when the number of active metric time series (MTS) is projected to reach the organization system limit.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings
This detector does not have any customizable arguments.

Splunk operational - Custom metric time series (MTS) usage is expected to reach the limit

Description
Alerts when the custom MTS usage percentage is higher than the system limit threshold.
SignalFlow function
See the function in the SignalFlow library repository on GitHub.
Settings

Customize this detector through these settings in the UI. Learn more: Copy and customize AutoDetect alerts and detectors.

Argument

Description

Default value

Trigger threshold

Trigger threshold for the custom MTS usage percentage

95

Sensitivity

Sensitivity for alerting

100% of 30m

Clear threshold

Threshold to clear alerts for custom MTS usage percentage

90

Clear sensitivity

Sensitivity for clearing alerts

100% of 30m

Show custom metric time series

Option to show number of custom MTS instead of percentage

No