https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75886#M7235 <P>Thanks for the answer! I have here some problems with the forwarder... Can you give me your email or emailing me? Mine is: <A href="mailto:yannik.heinz@itac.de">yannik.heinz@itac.de</A></P> Thu, 28 Mar 2013 09:56:36 GMT Yannik333 2013-03-28T09:56:36Z https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75884#M7233 <P>Hey,<BR /> i have installed splunk and i hope i can do these tasks with it.<BR /> (Im have never used splunk before)</P> <P>I have some Logfiles on a machine in the network.<BR /> I will analyze these logfiles with splunk on another machine and if there are some error messages it should send me an email and inform me.</P> <P>I have installed the Splunk forwarder on the machine with the logfiles.<BR /> Now. Whats with the email service? Is it possible?</P> <P>And if yes how?</P> <P>Notice: Im a beginner (noob) with splunk.<BR /> Sorry for bad english.</P> <P>Thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 27 Mar 2013 09:35:33 GMT https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75884#M7233 Yannik333 2013-03-27T09:35:33Z https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75885#M7234 <P>You can use scripted inputs to do all kinds of weird things to get data into Splunk. The better choice is to use universal forwarder to forward your data or you can transfer the logs to local splunk instance or put it on a network sharing drive via samba/nfs etc. </P> <P>So in order to analyze the logs you need first to index them into splunk, the next steps is to used saved search and alert with an notification email. An alert could be triggered when a criteria is met.</P> <P>You can configure savedsearch.conf easily or just use the management interface.<BR /> An example of editing the savedsearch.conf file to sent an email notification:</P> <P>[Database Response Time Average]<BR /> action.email = 1 <BR /> action.email.format = csv <BR /> action.email.sendresults = 1 <BR /> action.email.subject = Splunk DB response time on online is very high &gt; 200 sec.: $name$<BR /> action.email.to = <A href="mailto:royimad@royimad.net" target="_blank">royimad@royimad.net</A><BR /> action.script = 1<BR /> action.script.filename = actions.sh<BR /> alert.digest_mode = True<BR /> alert.expires = 12h<BR /> alert.severity = 5<BR /> alert.suppress = 1<BR /> alert.suppress.fields = average<BR /> alert.suppress.period = 1d<BR /> auto_summarize.dispatch.earliest_time = -1d@h<BR /> counttype = number of events<BR /> cron_schedule = */55 * * * *<BR /> enableSched = 1<BR /> quantity = 0<BR /> relation = greater than<BR /> search = host="online.wavemark.net" (LOGTYPE="DB") | stats avg(LOGDURATION) AS average | where average &gt; 2000</P> Mon, 28 Sep 2020 13:37:35 GMT https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75885#M7234 royimad 2020-09-28T13:37:35Z https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75886#M7235 <P>Thanks for the answer! I have here some problems with the forwarder... Can you give me your email or emailing me? Mine is: <A href="mailto:yannik.heinz@itac.de">yannik.heinz@itac.de</A></P> Thu, 28 Mar 2013 09:56:36 GMT https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75886#M7235 Yannik333 2013-03-28T09:56:36Z https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75887#M7236 <P>Sure , Please email me to: <A href="mailto:royimad@gmail.com">royimad@gmail.com</A></P> Thu, 28 Mar 2013 11:36:01 GMT https://community.splunk.com/t5/Monitoring-Splunk/Email-Notification-with-Error-Logfiles/m-p/75887#M7236 royimad 2013-03-28T11:36:01Z