Severity and state mappings for Splunk Observability
Alert priority and resolution state mapping between Splunk Observability and Incident Response.
Splunk Observability alert priority mapping
Splunk Observability's alert priority is based on one field in the payload.
The field of interest is severity.
| Splunk Observability payload field | Splunk Observability payload value | Incident Response alert priority value |
|---|---|---|
| severity | Critical | P1-Critical |
| Major | P2-High | |
| Minor | P3-Moderate | |
| Warning | P4-Low | |
| Info | P5-Informational |
Splunk Observability resolution state mapping
The field of interest is status.
| Splunk Observability payload field | Splunk Observability payload value | Incident Response alert resolution state value |
|---|---|---|
| status | ok | Closed |
| anomalous | New |
Note: If you require any other severity and state mappings, use the
Generic webhook integration.