Alerts

Question 1

When is an alert triggered?

Answer 1

When a search meets a specific condition

Question 2

List 5 functions of alerts

Answer 2

List in interface
Log Events
Send Emails
Trigger Scripts
Use a webhook
run a custom script

Question 3

A serach string such as sourcetype=access_combined_wcookie status=5*
can be saved as an alert. True or False

Answer 3

True, from the save as alert menu

Question 4

What are the 2 permissions on an alert?

Answer 4

Private (only you can access/edit/view)

Share in App (results will display to all users of the app)

Question 5

What are the 2 different types of alerts and what do they do?

Answer 5

Scheduled (set a scheduled time range for search to be run - predefined or expressed)
Real Time (will run continously int he background (more overhead on performance)

Question 6

How can see triggered alerts

Answer 6

Via the Activity menu and triggered alerts

Question 7

What is an alert

Answer 7

an action triggered by a saved search

Question 8

What can an alert do?

Answer 8

Add to triggered alerts
User a log event action (send to splunk for deployment indexing)
Run a script (triggers shell script or batch file)
Send email (set where to send email, priority, subject and message)
webhooks (define customer hoobacks, create alert in chatroom or create ticket in helpsdesk system)