Ingest alerts in Splunk Incident Intelligence 🔗

To ingest alerts in Incident Intelligence, you can create a detector for one of the available alert sources to automatically pass alerts into Incident Intelligence or you can ingest third-party alerts using an ingest endpoint. After alerts have been ingested, you can view them on the Alerts tab of Incident Intelligence.

Available alert sources in Splunk Observability Cloud

Alert source	Documentation
Splunk APM	See Create detectors to trigger alerts.
Splunk Infrastructure Monitoring	See Create detectors to trigger alerts.
Splunk RUM	See Create a detector.
Splunk Synthetic Monitoring	To create a detector for an API test, see View API test history. To create a detector for a browser test, see Detect and report on your synthetic metrics. To create a detector for an uptime test, see View Uptime test history.

Available ingest endpoints for cloud alerts

Ingest endpoint	Documentation
Amazon CloudWatch	See Ingest Amazon CloudWatch alarms.
Azure Monitor	See Ingest Azure Monitor alerts.
Prometheus	See Ingest Prometheus alerts.

Next step

If you are setting up Incident Intelligence for the first time, next you need to create and configure an incident policy. See Create and configure incident policies.

Was this topic useful?

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

Comment should have minimum 5 characters and maximum of 1000 characters.

Feedback submitted, thanks!