This application accompanies the Splunk conf 2017 presentation "How did you get so big? Tips and tricks for growing your Splunk installation from 50GB/day to 1TB/day". The 2017 conf presentation is linked from the detailed notes. The overall idea behind this application is to provide a variety of alerts that detect issues, or potential issues, within the Splunk log files and then advise via an alert that this has occurred. This application was built because a variety of messages in the Splunk console and in the Splunk logs could, if acted upon, have prevented an issue within the environment. In addition to the alerts, there are a few dashboards that relate to troubleshooting indexer/heavy forwarder performance issues. Many of the alerts are informational, and the description and comments inside each alert explain which alerts are likely to generate the most noise. All alerts are disabled by default so you can choose which alerts may be appropriate for your environment. Feedback is welcome!