Install

Prerequisites

These Apps must be deployed to your Search Head(s):

• Python Cron Iteration for Splunk
• Lookup File Editor

Deployment steps

1. Install the App on your Splunk Search Head(s)
2. Launch Update KV Store lookup from Reports tab by clicking Open in Search
3. Verify that active alerts are listed in the Inventory dashboard
4. [OPT] Adjust getServiceRequest macro to extract service request # from alerts’ description
5. Set recipient to Notify admin for alerts to review alert or disable it
6. [WARN] Set recipient to Notify alert recipient of a change alert as $result.email$ or disable it

Warning

Notify alert recipient of a change alert will send an email to alert’s recipient when triggered.

Upgrade

Relaunch Update KV Store lookup from Reports tab by clicking Open in Search