Skip to main content
Skip table of contents

KB 181 - Initializing new alerting framework searches in Splunk App 7.3.0

Category: Problem

Priority: Normal

Platform: Splunk

Version: 1 from 12.07.2023

Description

The Splunk app release 7.3.0 contains several new panel integrations for the alerting framework. However, it was noted during testing that the app is not correctly initializing these new searches, and no bell icon is shown below the panel to indicate that a search can be created from the panel. The new panel integrations in each dashboard are:

  • tRFC Monitor (SM58)

    • Count by Function Module

  • Transports Overview

    • Segregation of Duty (SOD) Violations

  • qRFC Monitor

    • qRFC Failures Count Timeline

  • Java Systems Overview

    • System Problems

    • CPU Utilization

    • Memory Utilization

    • GC Problems

Cause

The alerting framework backend is built on two data stores:

  • A CSV file shipped with the app containing information on all panel integrations for that release, and

  • A KV store that each Splunk installation uses to operate the alerting framework

For each release, the CSV is supposed to update the KV store with new data. However, this is not occurring.

Resolution

For 7.3.0, users can update the alerting framework in their installation by running the following search:

CODE 
| inputlookup pc_panel_wise_alert
| eval key=_key
| table key alert_title interested query
| search key IN ("trfc_errors__Count-by-Function-Module",
                 "sap_transport_dashboard__Segregation-of-Duty-SOD-Violations",
                 "qrfc_monitor__qRFC-Failures-Count-Timeline",
                 "java_system_overview__System-Problems",
                 "java_system_overview__CPU-Utilization",
                 "java_system_overview__Memory-Utilization",
                 "java_system_overview__GC-Problems")
| join type=left key
    [ inputlookup panel_wise_alert_default.csv
    | table key "Current Interested"
    | rename "Current Interested" as interested]
| outputlookup pc_panel_wise_alert key_field=key

Once completed, you can load these pages and test if the corresponding panels show the bell icon in their toolbar when you hover your cursor over the panel.

[Product version]

Product

From

To

PowerConnect [NW,S4HANA,S4HANA Cloud]

[Affected version from]

[Affected version to]

[SAP product version]

Product

Component

From

To

 

 

 

 

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close