Splunk Inc.
Actionable alert messaging network for automated incident resolution

Abstract:

Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). A monitoring function may search the data ingested by the DIQS to determine instances of notable events in regards to the monitored system and may further determine a defined invokable action message (IAM) associated with a notable event instance. Processing ensues to send an IAM to a communications device used by support personnel. The IAM includes information about an action invocation message (AIM) suitable to cause the performance of an action that possibly remedies or improves an operational condition represented by the notable event. Support personnel engages a user interface representation corresponding to the AIM and the AIM is sent to a remedial node where performance of the action is invoked.