@bcooper wrote:
Hello!
I’m using the PagerDuty app for Splunk and sending events to the global queue for routing & deduplication.
I have configured global rules to extract the description & dedup_key fields from the event using a simple regex (.*). The description extraction works as I can see the summary name keep changing. The dedup_key extraction however doesn’t appear to work and as a result all alerts are being attached to a single incident because the default dedup_key is the Splunk search name.
Posts: 1
Participants: 1