
 Detect anomalies using detectors


Detectors watch incoming data for anomalous conditions specified by SignalFlow calculations and other settings. In response to an anomalous condition, detectors record an event, trigger an alert, and optionally send off notifications using third-party services. Detectors can also record events, alerts, and notifications when the anomalous condition clears.

Detectors provide many options for setting conditions and time periods, specifying alert and clear message content, and message recipients. Splunk Observability Cloud provides integrations that let you add in third-party notification services such as Slack and email.

 Detectors

In Splunk Observability Cloud, a detector defines the following:

  • A trigger condition, specified in a SignalFlow program
  • A severity to set when the trigger condition occurs
  • Where and how notifications are sent
  • The content included in notifications
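The four parts above, put together as one detector definition and checked offline for consistency. This is an added example, not code from the Splunk documentation. The field names (`programText`, `rules`, `detectLabel`, `severity`, `notifications`, `parameterizedBody`), the severity names and the notification shape are assumptions about the detector API request body, and the metric name and e-mail address are constructed.

```python
import re

# Severity names and field names below are assumptions based on the
# detector API request body; they are not shown on this page.
SEVERITIES = {"Critical", "Major", "Minor", "Warning", "Info"}

# Constructed SignalFlow program: the trigger condition.
PROGRAM = (
    "failed = data('auth.login.failed').sum(by=['host'])\n"
    "detect(when(failed > 50, lasting='5m')).publish('Failed login spike')"
)

# Constructed detector definition covering the four parts listed above.
DETECTOR = {
    "name": "Failed login spike",
    "programText": PROGRAM,                       # trigger condition
    "rules": [{
        "detectLabel": "Failed login spike",      # ties the rule to publish()
        "severity": "Critical",                   # severity to set
        "notifications": [                        # where notifications go
            {"type": "Email", "email": "soc@example.com"},
        ],
        "parameterizedBody": "Failed logins exceeded 50 for 5 minutes.",  # content
    }],
}

def published_labels(program_text):
    """Return the labels passed to .publish(...) in a SignalFlow program."""
    pattern = r'\.publish\(\s*(?:label\s*=\s*)?["\']([^"\']+)["\']'
    return set(re.findall(pattern, program_text))

def validate_detector(detector):
    """Return a list of problems; an empty list means the parts are consistent."""
    problems = []
    labels = published_labels(detector.get("programText", ""))
    rules = detector.get("rules", [])
    if not rules:
        problems.append("detector has no rules")
    for i, rule in enumerate(rules):
        if rule.get("detectLabel") not in labels:
            problems.append(f"rule {i}: detectLabel is not published by the program")
        if rule.get("severity") not in SEVERITIES:
            problems.append(f"rule {i}: unknown severity {rule.get('severity')!r}")
        if not rule.get("notifications"):
            problems.append(f"rule {i}: no notification recipients")
    return problems

if __name__ == "__main__":
    print(validate_detector(DETECTOR) or "detector definition is consistent")
```

A rule whose label matches nothing the program publishes, or that has no recipients, never produces a notification, so a check like this catches a detector that would fail silently.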

 Detector actions

When Splunk Observability Cloud detects that a trigger condition exists, it does the following:

  • Generates an event
  • Sets off an alert
  • Sends one or more notifications to people to inform them of the alert

When Splunk Observability Cloud detects that the condition no longer exists, it does the following:

  • Generates a second event
  • Clears the alert
  • Sends a second set of notifications

The options for creating a detector using the API are slightly different from the options for creating a detector in the user interface. Some information in the Introduction to alerts and detectors in Splunk Observability Cloud topic in the Splunk Observability Cloud user documentation might not apply to the API.