Summary
The key takeaways from this chapter are as follows:
- There are three different types of alerts in Splunk: scheduled alerts, per-result alerts, and rolling-window alerts
- Alerts are based on underlying historical or real-time searches
- Alerts are triggered based on user-specified conditions and can be throttled as required
- Alerts have a number of different actions that can be performed when an alert is triggered, including sending an e-mail and executing a script
- Alerts play a critical part in gaining proactive operational intelligence
- Alerts can be used for relatively simple use cases such as detecting errors or much more complex use cases such as predicting future sales
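The following savedsearches.conf stanzas are an added illustration and not code from the chapter or from Splunk itself: one stanza for each of the three alert types, each with a trigger condition, throttling, and an action. The stanza names, index and sourcetype names, e-mail addresses and script filename are constructed placeholders.

```ini
# savedsearches.conf (constructed example; stanza names, indexes,
# addresses and the script filename are placeholders, not from the chapter)

# 1. Scheduled alert: runs every 15 minutes over the previous 15 minutes of
#    historical data and fires once per run (digest mode) if any event matches.
[Web server errors - scheduled]
search = index=web sourcetype=access_combined status>=500
cron_schedule = */15 * * * *
enableSched = 1
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.digest_mode = 1
alert.severity = 4
alert.track = 1
# Throttle: once triggered, do not trigger again for one hour
alert.suppress = 1
alert.suppress.period = 1h
action.email = 1
action.email.to = ops-oncall@example.com
action.email.subject = Splunk alert: $name$ ($job.resultCount$ results)
action.email.include.results_link = 1

# 2. Per-result alert: the same search, but one trigger per matching event,
#    throttled per host so a single noisy server cannot flood the on-call team.
[Web server errors - per result]
search = index=web sourcetype=access_combined status>=500
cron_schedule = */5 * * * *
enableSched = 1
dispatch.earliest_time = -5m@m
dispatch.latest_time = now
alert_type = always
alert.digest_mode = 0
alert.suppress = 1
alert.suppress.fields = host
alert.suppress.period = 30m
alert.track = 1
# Legacy script action; the script must live in $SPLUNK_HOME/bin/scripts
action.script = 1
action.script.filename = notify_pager.sh

# 3. Rolling-window alert: a real-time search over the last 5 minutes that
#    triggers per source IP when that IP exceeds 20 failed logins in the window.
[Failed logins - rolling window]
search = index=auth sourcetype=linux_secure "Failed password" | stats count by src_ip | where count > 20
enableSched = 1
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
alert_type = always
alert.digest_mode = 0
alert.severity = 5
alert.track = 1
# Throttle per source IP so a sustained burst produces one notification per 15 minutes
alert.suppress = 1
alert.suppress.fields = src_ip
alert.suppress.period = 15m
action.email = 1
action.email.to = secops@example.com
action.email.subject = $result.count$ failed logins from $result.src_ip$ in 5 minutes
```

The first stanza is the common "is anything wrong?" pattern, where a single digest notification is enough; the second and third use per-result mode (alert.digest_mode = 0) because the useful throttling key is a field value (host, src_ip) rather than the alert as a whole, and $result.fieldname$ tokens in the action refer to that individual result. After editing the file, restart Splunk or reload the app so the scheduler picks up the new stanzas, and check the Triggered Alerts view (alert.track = 1) to confirm each alert fires as expected.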