Configure detectors and alerts in Splunk APM

Learn about options for detectors and alerts in Splunk APM.

You can use detectors to dynamically monitor request rate, error rate, and latency in the services you are tracing with Splunk APM. APM detectors use built-in algorithms to generate alerts when your APM metrics or business transactions show a sudden spike, deviate from historical behavior, or cross a static threshold. See Use built-in alert metrics and conditions in Splunk APM for more information about alert conditions.

You can also use AutoDetect detectors that are available by default for service latency, error rate, and request rate. See Use and customize AutoDetect alerts and detectors for more information.

Create an APM detector

There are several entry points for creating APM detectors.

From the Splunk Observability Cloud create menu

  1. Select the plus icon on the navigation bar to open the create menu.

  2. Select APM Detector.

  3. See Steps to create a detector to complete your detector configuration.

From a dashboard

To create an APM detector from Splunk APM dashboards, select the bell icon within a specific chart in the dashboard and select New detector from chart. See Steps to create a detector to complete your detector configuration.

From the overview page in Splunk APM

To create an APM detector from the overview page in Splunk APM, select the 3-dot icon to open the More menu in the Services and Business Transactions tabs and select Create Detector. See Steps to create a detector to complete your detector configuration.

From the service map in Splunk APM

To create an APM detector from the service map in Splunk APM, select a service from the APM > Service map page. Then, select the 3-dot icon in the panel for the service and select Create Detector. See Steps to create a detector to complete your detector configuration.

Steps to create a detector

Follow these steps to create a detector for Splunk APM:

  1. Name your detector.

  2. Select your metric. You can select request rate, error rate, or latency for a business transaction, service, or endpoint.

  3. Set the condition for your alert: Static threshold, Sudden change, or Historic anomaly. See Use built-in alert metrics and conditions in Splunk APM for more information about alert conditions.

  4. Select the scope of your alert. You can select specific environments, business transactions, services, and endpoints.

  5. Configure your alert details:
    1. See Static Threshold to review options for the static threshold condition.

    2. See Sudden Change to review options for the sudden change condition.

    3. See Historical Anomaly to review options for the historical anomaly condition.

  6. Add filters and grouping dimensions for your detector. Besides the default grouping shown in the UI, you can group metrics by custom dimensions.

  7. Select the alert severity. See Severity for more information about alert severity.

  8. (Optional) Share your alert with others by integrating with your team’s incident response tool, and add a link to your runbook.

  9. Select Activate.