Sample alert for Splunk Observability
Snapshot of the entity when an event occurs in Splunk Observability.
The sample alert becomes available after you generate the webhook.
{
"severity": "Info",
"originatingMetric": null,
"detectOnCondition": "when(current_p50 > fire_threshold) and on_ and historical_p50 is not None",
"messageBody": "Rule \"test\" in detector \"test\" triggered at Thu, 9 Jun 2022 11:13:20 GMT.\n\nTriggering condition: Latency in the last 10m is more than 5 deviations above the norm established in the preceding 1h. Clears when latency is less than 4 deviations above the norm.\n\nLatency: ms \nThreshold: ms\nSignal details:",
"inputs": {
"on_": {
"value": "true",
"fragment": "static and relative['on'] and non_empty_cond",
"key": {
"sf_environment": "prod",
"sf_httpMethod": "GET",
"sf_kind": "SERVER",
"sf_operation": "HTTP GET",
"sf_service": "Test"
}
},
"off_": {
"value": "true",
"fragment": "relative['off'] and non_empty_cond",
"key": {
"sf_environment": "prod",
"sf_httpMethod": "GET",
"sf_kind": "SERVER",
"sf_operation": "HTTP GET",
"sf_service": "Test"
}
},
"historical_p50": {
"value": "2014.136",
"fragment": "streams.pctile_over_window(pctile=50, filter_=filter_,\nwindow=historical_window_,\n exclude_errors=exclude_errors,\n group_by=group_by,\n custom_filter=custom_filter,\n use_kind_filter=use_kind_filter,\n kind_filter=kind_filter,\n exclude_errors_filter=exclude_errors_filter,\ndefault_group_by=default_group_by,\n default_allow_missing=default_allow_missing,\n metric_names=metric_names).timeshift(\n current_window_)",
"key": {
"sf_environment": "prod",
"sf_httpMethod": "GET",
"sf_kind": "SERVER",
"sf_operation": "HTTP GET",
"sf_service": "Test"
}
},
"fire_threshold": {
"value": "2014.136",
"fragment": "historical_p50 + fire_num_dev_threshold * hist_spread",
"key": {
"sf_environment": "prod",
"sf_httpMethod": "GET",
"sf_kind": "SERVER",
"sf_operation": "HTTP GET",
"sf_service": "Test"
}
},
"current_p50": {
"value": "20015.042999999998",
"fragment": "data(metric_name, filter=filter__, resolution=utils.V2_DATA_RESOLUTION_TEN_SECONDS).mean(by=gp_by,\n allow_missing=default_allow_missing).\\\n scale(scale_by).percentile(50, over=duration(window))",
"key": {
"sf_environment": "prod",
"sf_httpMethod": "GET",
"sf_kind": "SERVER",
"sf_operation": "HTTP GET",
"sf_service": "Test"
}
},
"clear_threshold": {
"value": "2014.136",
"fragment": "historical_p50 + clear_num_dev_threshold * hist_spread",
"key": {
"sf_environment": "prod",
"sf_httpMethod": "GET",
"sf_kind": "SERVER",
"sf_operation": "HTTP GET",
"sf_service": "Test"
}
}
},
"rule": "test",
"description": "Latency in the last 10m is more than 5 deviations above the norm established in the preceding 1h. Clears when latency is less than 4 deviations above the norm.",
"messageTitle": "Info Alert: test (test)",
"sf_schema": 2,
"eventType": "12345678__FUzhGkZ4566__test",
"runbookUrl": null,
"triggeredWhileMuted": false,
"detectOffCondition": "when(current_p50 < clear_threshold) and off_",
"detectorId": "FV8JykSA***",
"imageUrl": "https://static.us1.signalfx.com/signed/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJiVCI6InN0YXJ0IiwiaUlkIjoiRlV5VmJkMkE0QUEiLCJpc3MiOiJjb20uc2lnbmFsZnguYXBwIiwib0lkIjoiRlV5ZXlUOUE0QUEiLCJleHAiOjE2NTUzNzgwMjB9.HtPiPJJDQRtL7ylu6gVjdcSb64BniFXf***********",
"tip": null,
"statusExtended": "anomalous",
"incidentId": "FXALzv3A***",
"detector": "test",
"detectorUrl": "https://app.us1.signalfx.com/#/detector/FV8JykSA***/edit?incidentId=FXALzv3A***&is=anomalous",
"status": "anomalous",
"timestamp": "2022-06-09T11:13:20Z"
}