Watch this video to see how to configure and deploy these two Splunk ITSI episode monitoring correlation searches, as well as how to validate the creation of the notable events and the action rule processing. This design pattern is an integral part of the ITSI Monitoring and Alerting content pack and is explained further in the following video. Next, the ITSI rules engine, which runs the NEAP Policy, applies action rules against the newly created notable events. If the action rule's specific activation criteria matches against the notable event data, then an action (such as creating a Splunk On-Call incident) is performed as defined in the action rule. These new notable events become part of the associated episode. These two episode monitoring correlation searches evaluate all open episodes and create new notable events when a new Splunk On-Call incident needs to be created or when an episode state change occurs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |