1. Home
  2. Data Management
  3. Automate Monitoring Your Data With Data Watch
Searching...

Automate Monitoring Your Data With Data Watch

Admins can utilize Atlas’s Data Watch feature to simplify the process for being notified on when a data input behaves improperly. To do this, first navigate to the Data Inventory page and identify the bell Data Watch icon.

Select the Bell icon for a sourcetype that you want to monitor. It will bring up this modal. Select ‘Yes’ to start the process.

After selecting Yes, fill out the form to match your needs.

Guidance for Data Entry:

Follow this link to get recommended inputs for Data Watch!

Percent Drop in Hosts:

  • Yes/No – If you want to track number of hosts reporting this index-sourcetype
  • % Entry – The percent drop in hosts reporting in from base level. For instance, putting 70% would trigger if the number of hosts drops from 10 to 3. The input accepts units from 1 to 100.

Percent Drop in Events:

  • Yes/No – If you want to track number of events being ingested of this index-sourcetype
  • % Entry – The percent drop in events being ingested from base level. For instance, putting 70% would trigger if the number of events drops from 1000 to 300. The input accepts units from 1 to 100.

Schedule:

  • Every Hour/Day/Week/Month/Custom Cron Schedule
  • This input tracks how often you want to check this data to ensure its flowing as expected
  • We recommend between once a day to once a week

Time Window:

  • How far back the search looks. This sets a reference point for expected values. It’s recommended that this matches the Schedule input, so if you are running the search every day, this looks at the past 24 hours.

Time Span:

  • How the search splits up the Time Window into comparable chunks. It is recommended that this is one ‘step below’ of the Time Window. For instance, if Time Window is set to ‘Past Day,’ then setting Time Span to ‘Hour’ would ensure good performance while getting good data trends.

Trigger Actions:

  • This reflects any actions your Splunk Instance has available: setting Notable events, emailing people on the network, or logging to the error. Emailing your inbox is an easy option that alerts you when the search triggers.

Select Save and then the Data Watch Search will be created.

Updated on January 7, 2022
Tagged:

Was this article helpful?

Yes No

Related Articles