https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371676#M67461 <P>First step is to collect the relevant data from the logs (I assume). The moment you have the data, you can work on the alerts. </P> Mon, 02 Oct 2017 18:07:29 GMT ddrillic 2017-10-02T18:07:29Z https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371673#M67458 <P>I have been tasked with figuring out how to monitor server activity using splunk and create alerts</P> Mon, 02 Oct 2017 15:38:37 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371673#M67458 2powder 2017-10-02T15:38:37Z https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371674#M67459 <P>Could you provide more details on what you mean by "server activity"?</P> Mon, 02 Oct 2017 15:55:09 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371674#M67459 somesoni2 2017-10-02T15:55:09Z https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371675#M67460 <P>For example, let's say that we have 10 servers that all run the same code. The traffic is load balanced and the code performs a process, that either completes successfully. At the end of the process there is a flag that is set such as "Successful = yes or no". There is also a couple of identifiers such as the vendor ie. "ABC Company" and then there is a unique "Process ID". This process is called real time 24/7. What I am looking for is an alert that will alert me (and others) when a certain threshold has been exceeded. For example, for ABC Company if the Successful = no count &lt; 5 during a certain time period then no alert, but as soon as it goes over 5, then I am alerted.</P> <P>I hope that this helped.</P> <P>Thank you</P> Mon, 02 Oct 2017 17:31:23 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371675#M67460 2powder 2017-10-02T17:31:23Z https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371676#M67461 <P>First step is to collect the relevant data from the logs (I assume). The moment you have the data, you can work on the alerts. </P> Mon, 02 Oct 2017 18:07:29 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371676#M67461 ddrillic 2017-10-02T18:07:29Z https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371677#M67462 <P>That information is already being collected</P> Mon, 02 Oct 2017 20:43:39 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371677#M67462 2powder 2017-10-02T20:43:39Z https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371678#M67463 <P>maybe this video about creating alerts will help <A href="https://www.youtube.com/watch?annotation_id=annotation_2942967387&amp;feature=iv&amp;src_vid=SuARLqm7_jc&amp;v=0REbozaALX0" target="_blank">https://www.youtube.com/watch?annotation_id=annotation_2942967387&amp;feature=iv&amp;src_vid=SuARLqm7_jc&amp;v=0REbozaALX0</A></P> <P>Dave</P> Tue, 29 Sep 2020 16:04:38 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-monitor-servers-using-splunk/m-p/371678#M67463 davebrooking 2020-09-29T16:04:38Z