This input will return the information relating to any alerts that have been triggered since the last time the input was called.
Contrast this with the mulesoftalerts input, which will return the details relating to the configuration of the alerts themselves.

Splunk events

Sourcetype: mulesoft:triggeredalerts

Timestamp: time that data was received by Splunk

Sample event:

{"triggeredAt": 1622112275680, "context": {"app": "contactapi-7989847", "name": "contactapi-7989847", "user": "iDelta", "resource": "contactapi-7989847"}, "severity": "INFO", "condition": {"type": "deployment-success", "resourceType": "cloudhub-application"}, "actions": [{"state": "success", "type": "email"}], "environmentId": "7345beef-70cb-4387-b26d-2534486a5b98", "organizationId": null, "alertId": "094ea754-c359-4768-afe2-ff7bdcbfc346"}

About this input

This input calls the URL:{alertId}/history

Using the parameters:

  • Global account: Specified when input is configured
  • environmentId: Specified when input is configured
  • alertId: automatically obtained by the input via an API call

For each alert in the environment, the input checks if any alerts have been triggered. Checkpointing is in place so that only alerts that were triggered since the last time the input was run will be written to the index.
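A sketch of the checkpointing described above, as an added example rather than the add-on's own code. It assumes the checkpoint is a per-alert high-water mark on `triggeredAt` and that `triggeredAt` is epoch milliseconds; the function names and the second history entry are constructed for illustration.

```python
from datetime import datetime, timezone

ALERT_ID = "094ea754-c359-4768-afe2-ff7bdcbfc346"  # alertId from the sample event

# History keyed by alertId: the page's sample trigger plus one constructed later trigger.
SAMPLE_HISTORY = {
    ALERT_ID: [
        {"triggeredAt": 1622112335680, "severity": "INFO", "alertId": ALERT_ID},  # constructed
        {"triggeredAt": 1622112275680, "severity": "INFO", "alertId": ALERT_ID},  # from the page
    ]
}

def triggered_iso(event):
    """Convert triggeredAt (assumed epoch milliseconds) to an ISO 8601 UTC string.

    The Splunk timestamp is the time of receipt, so the trigger time lives in this field.
    """
    ms = event["triggeredAt"]
    dt = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return dt.replace(microsecond=(ms % 1000) * 1000).isoformat(timespec="milliseconds")

def collect_new(history_by_alert, checkpoint):
    """Return (events newer than the checkpoint, updated checkpoint).

    checkpoint maps alertId -> highest triggeredAt already written to the index.
    The comparison is strict, so a trigger sharing the exact millisecond of the
    stored mark would be skipped on a later run.
    """
    new_events = []
    updated = dict(checkpoint)  # never mutate the caller's checkpoint
    for alert_id, events in history_by_alert.items():
        last_seen = checkpoint.get(alert_id, 0)
        fresh = sorted(
            (e for e in events if e["triggeredAt"] > last_seen),
            key=lambda e: e["triggeredAt"],
        )
        if fresh:
            new_events.extend(fresh)
            updated[alert_id] = fresh[-1]["triggeredAt"]
    return new_events, updated

if __name__ == "__main__":
    events, cp = collect_new(SAMPLE_HISTORY, {})
    for e in events:
        print(triggered_iso(e), e["alertId"], e["severity"])
    print("second run:", collect_new(SAMPLE_HISTORY, cp)[0])
```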

Learn more: Mulesoft documentation

Posted by: Andrew MacLeod

Andrew is a certified Splunk Admin and has worked for iDelta for over two years. Previously, he worked as an actuarial analyst in the life and pensions industry - a role that he was in for over 7 years before deciding to embark on a career change into the IT industry. He holds an MPhys degree in theoretical physics from the University of Edinburgh. Outside of work he is a big puzzle fan, with a particular penchant for things cruciverbal and mathematical.