Event Feed

Many of the views in the app include an Event Feed table which should be used to list important events in your environment. This may include, for example, times of scheduled IT upgrades, system failures and other dates of significance to your company. These events may prove helpful to the user in understanding the underlying cause of insights that Prelert has found in your data.

Configuration

The list of events displayed in the Event Feed is obtained from a CSV lookup, event_feed.csv, that is installed as part of the app. Each event is identified by a time and description. The lookup also includes a type field, although this field is not yet in use by the app and should be left blank when adding or editing entries.

The Lookup File Editor App for Splunk Enterprise can be used to add, edit or delete entries in the Event Feed lookup. If not already installed in your Splunk deployment, this can be downloaded from Splunkbase at https://splunkbase.splunk.com/app/1724/.

Editing the Event Feed CSV lookup with the Lookup File Editor App for Splunk Enterprise

Alternatively, if you have access to the file system, you can edit the Event Feed lookup by modifying event_feed.csv directly. The file is located in the directory:

$SPLUNK_HOME/etc/apps/prelert/lookups

The event date and time must be entered in the format %Y-%m-%d %H:%M %Z, for example:

time,description,type
2015-05-05 00:00 BST,Planned maintenance of UK webservers,
2015-05-04 00:00 BST,UK Public Holiday,
2015-05-03 23:30 BST,Planned reboot of test network,
2015-05-01 08:00 BST,Desktop upgrade project starts,
2015-05-06 06:00 BST,Power outage in the London office,
2015-04-30 23:00 BST,Installed new mail server,
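
A pre-deployment check for hand-edited entries, as an added example (not part of the Prelert app or the original page): it validates event_feed.csv content against the header, time format and blank type rule described above. The function name validate_event_feed and the sample rows are constructed for illustration; treating the time zone as a short alphabetic abbreviation is an assumption.

```python
import csv
import re
from datetime import datetime

EXPECTED_HEADER = ["time", "description", "type"]
# %Z is checked by pattern only: Python's strptime accepts just UTC, GMT and
# the local zone names for %Z, so abbreviations such as BST are split off.
TZ_ABBREV = re.compile(r"^[A-Za-z]{2,5}$")  # assumed shape of an abbreviation


def validate_event_feed(text):
    """Return a list of (line_number, problem) for event_feed.csv content."""
    problems = []
    reader = csv.reader(text.splitlines())
    header = next(reader, None)
    if header != EXPECTED_HEADER:
        problems.append((1, "header must be time,description,type"))
    for row in reader:
        line = reader.line_num
        if not row:
            continue  # ignore blank lines
        if len(row) != 3:
            # Catches a missing trailing comma or an unquoted comma in the text.
            problems.append((line, "expected 3 fields, got %d" % len(row)))
            continue
        when, type_field = row[0], row[2]
        stamp, _, zone = when.rpartition(" ")
        try:
            datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        except ValueError:
            problems.append((line, "time is not %Y-%m-%d %H:%M %Z"))
        else:
            if not TZ_ABBREV.match(zone):
                problems.append((line, "missing or malformed time zone"))
        if type_field.strip():
            problems.append((line, "type must be left blank"))
    return problems


# Constructed sample: line 2 is valid, lines 3 to 5 each break one rule.
SAMPLE = """time,description,type
2015-05-05 00:00 BST,Planned maintenance of UK webservers,
05/05/2015 00:00,Bad date format,
2015-05-06 06:00 BST,Power outage in the London office,outage
2015-05-07 09:00 BST,"Router swap, rack 4"
"""

if __name__ == "__main__":
    for line, problem in validate_event_feed(SAMPLE):
        print("line %d: %s" % (line, problem))
```

An empty result means every row has three fields, a parseable time and a blank type column.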