Saved Searches

bh_stats_gen

The bh_stats_gen search is responsible for generating statistics about data coming into Splunk. The results are written to the summary index, to be picked up and read by other searches for alerting purposes. It can be fine-tuned using the bh_stats_gen_contraints and bh_stats_gen_additions macros.

Broken Hosts - Auto Sort

The Broken Hosts - Auto Sort search was implemented in order to optimize the ordering of the Broken Hosts Lookup. Because the lookup is evaluated in a first-match fashion, the ordering of the lookup is critical to preventing incorrect matches. You can view more information about the ordering of the lookup in the Saved Searches documentation.

This search modifies the Broken Hosts Lookup in the following ways:

  1. Entries are reordered based on the ordering rules defined in the Saved Searches documentation.
  2. All fields are converted to lower case, as the lookup is case insensitive.
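Why ordering matters under first-match evaluation, as an added example that is not code from the Broken Hosts app: a catch-all row placed first shadows every more specific row beneath it, so the wrong thresholds and contact apply to a host. The column names other than contact, the use of `*` wildcards, the sample rows, and the specificity rule in `sort_key` are assumptions for illustration; the app's actual ordering rules are the ones in its documentation.

```python
from fnmatch import fnmatchcase

# Constructed sample rows; column names and values are assumptions for this sketch.
ROWS = [
    {"index": "*", "sourcetype": "*", "host": "*",
     "contact": "ops@example.com"},
    {"index": "Firewall", "sourcetype": "*", "host": "FW-EDGE-*",
     "contact": "netsec@example.com"},
    {"index": "firewall", "sourcetype": "pan:traffic", "host": "fw-edge-01",
     "contact": "soc@example.com"},
]
KEYS = ("index", "sourcetype", "host")

# Constructed event metadata for a host being checked against the lookup.
EVENT = {"index": "firewall", "sourcetype": "pan:traffic", "host": "FW-EDGE-01"}


def first_match(rows, event):
    """Return the first row whose patterns all match, ignoring case."""
    for row in rows:
        if all(fnmatchcase(event[k].lower(), row[k].lower()) for k in KEYS):
            return row
    return None


def sort_key(row):
    """Assumed rule: fewer wildcard fields first, then more literal characters."""
    wildcard_fields = sum("*" in row[k] for k in KEYS)
    literal_chars = sum(len(row[k].replace("*", "")) for k in KEYS)
    return (wildcard_fields, -literal_chars)


def auto_sort(rows):
    """Lower-case every field, then order rows from most to least specific."""
    lowered = [{k: v.lower() for k, v in row.items()} for row in rows]
    return sorted(lowered, key=sort_key)


if __name__ == "__main__":
    # Unsorted: the catch-all row wins and the specific rows are never reached.
    print("before:", first_match(ROWS, EVENT)["contact"])
    # Sorted: the exact row for this host is evaluated first.
    print("after: ", first_match(auto_sort(ROWS), EVENT)["contact"])
```
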

Broken Hosts Alert - by contact

Broken Hosts Alert - by contact is primarily intended for anyone upgrading from an older version of Broken Hosts. This search groups the alert lines by the contact field from the lookup, and each contact will receive one email (the email action is configured by default on this search). This search also relies on the default_contact macro to populate the contact when none is defined in the lookup table.

If you’re coming from an older version of Broken Hosts and choose to implement this search, we’d still recommend you review the new Broken Hosts Alert Search, as you may find additional uses for it that were difficult or impossible in previous versions of the app.