Summary

The key takeaways from this chapter are as follows:

  • There are three different types of alerts in Splunk: scheduled alerts, per-result alerts, and rolling-window alerts
  • Alerts are based off underlying historical or real-time searches
  • Alerts are triggered based on user-specified conditions and can be throttled as required
  • Alerts have a number of different actions that can be performed when an alert is triggered, including sending an e-mail and executing a script
  • Alerts play a critical part in gaining proactive operational intelligence
  • Alerts can be used for relatively simple use cases such as detecting errors or much more complex use cases such as predicting future sales
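
As an added example (not from the cookbook), the three savedsearches.conf stanzas below show how each alert type, its trigger condition, throttling, and actions map onto configuration keys; the index, sourcetype, field names, e-mail address and script name are assumed placeholders.

```ini
# Added example, not from the cookbook. Index, sourcetype, field names,
# e-mail address and script name are assumed placeholders.

# 1. Scheduled alert: historical search run by cron every 15 minutes over
#    the previous 15 minutes; one digest e-mail when the count exceeds 50.
[sec_failed_logins_scheduled]
search = index=security sourcetype=linux_secure "Failed password" | stats count by src_ip
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m
enableSched = 1
cron_schedule = */15 * * * *
alert_type = number of events
alert_comparator = greater than
alert_threshold = 50
alert.digest_mode = 1
alert.track = 1
alert.severity = 4
action.email = 1
action.email.to = soc@example.com
action.email.subject = Splunk alert: $name$ ($job.resultCount$ results)

# 2. Per-result alert: every row of the result set triggers the action.
#    Throttle on src_ip so one noisy source fires at most once per hour;
#    without throttling, per-result mode can flood the script/ticket queue.
[sec_failed_logins_per_result]
search = index=security sourcetype=linux_secure "Failed password" | stats count by src_ip | where count > 20
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m
enableSched = 1
cron_schedule = */15 * * * *
alert_type = always
alert.digest_mode = 0
alert.suppress = 1
alert.suppress.fields = src_ip
alert.suppress.period = 1h
action.script = 1
action.script.filename = open_ticket.sh

# 3. Rolling-window alert: real-time search over a sliding 5-minute window;
#    fires when more than 100 events fall inside the window. Real-time
#    searches hold a search slot continuously, so use them sparingly.
[sec_failed_logins_rolling]
search = index=security sourcetype=linux_secure "Failed password"
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
enableSched = 1
cron_schedule = * * * * *
alert_type = number of events
alert_comparator = greater than
alert_threshold = 100
alert.suppress = 1
alert.suppress.period = 30m
action.email = 1
action.email.to = soc@example.com
```

Place the stanzas in an app's local/savedsearches.conf and reload or restart Splunk; the scripted action expects the script to live in the app's bin directory.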