Alerts

Alerts use Ingest Monitoring metrics and the Splunk framework to proactively notify you of potential data management issues with minimal setup.

Alerts transform passive monitoring into an active, prescriptive, and low-configuration alerting experience.

Alerts use Ingest Monitoring metrics and the Splunk alerting framework to proactively notify you of potential issues, significantly reducing time to detect data management issues.

The Ingest Monitoring app uses the following metrics to support alerts:

  • Event count
  • Data volume
  • Latency
  • Latest index time, which is linked to the no ingestion alert

View alerts and manage alert rules

Use the following two tabs to manage alerts:

  • Alert rules: View and manage previously set alert rules.
  • Triggered alerts: View alerts that are triggered based on your alert rules and investigate the alert for more context.

For more information, see Managing alert rules.

Alert templates

You can set the alert rules using the following templates:

  • Data volume: Monitors ingested data volume and triggers an alert when the volume goes above or below the threshold value you set.
  • High latency: Monitors the latency and triggers an alert when the value exceeds the set threshold.
  • Event count: Monitors the event count and triggers an alert when the value exceeds the threshold.
  • No ingestion: Monitors ingestion for the selected data entities and triggers an alert when the ingestion stops.

Each template monitors a different aspect of your ingestion, and you can adjust each alert according to your monitoring needs.