https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509706#M142470 <P>Hi,</P><P>I have alerts when the number goes above certain % of the disk usage. So there are alerts at 70, 80, 90. It works fine. But when there is a 70% alert, I get alerted twice, because of 70% and also 60% usage.</P><P>Here is what the query looks like. I am trying to keep the alert segmented to query the number only between 60-69.99 and 70.00-79.99 and so on.</P><P>aws_account="cloud" "DSM: Current disk usage for account" (account_disk_quota &gt; 70 )</P><P>&nbsp;</P> Fri, 17 Jul 2020 13:45:42 GMT deepakaakula 2020-07-17T13:45:42Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509706#M142470 <P>Hi,</P><P>I have alerts when the number goes above certain % of the disk usage. So there are alerts at 70, 80, 90. It works fine. But when there is a 70% alert, I get alerted twice, because of 70% and also 60% usage.</P><P>Here is what the query looks like. I am trying to keep the alert segmented to query the number only between 60-69.99 and 70.00-79.99 and so on.</P><P>aws_account="cloud" "DSM: Current disk usage for account" (account_disk_quota &gt; 70 )</P><P>&nbsp;</P> Fri, 17 Jul 2020 13:45:42 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509706#M142470 deepakaakula 2020-07-17T13:45:42Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509737#M142474 <P>I don't understand why you are getting alerts about 60 when the alert clearly looks for values greater than 70.</P><P>Try this method for looking for values within a range.</P><LI-CODE lang="markup">aws_account="cloud" "DSM: Current disk usage for account" (account_disk_quota &gt; 70 AND account_disk_quota &lt; 80 )</LI-CODE> Fri, 17 Jul 2020 15:33:20 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509737#M142474 richgalloway 2020-07-17T15:33:20Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509755#M142479 <P>Thanks Rich. I have 4 different alerts with same query for 60, 70, 80, 90%. I just mentioned one of it here.</P><P>So when 90% is triggered, I get alerted 4 times.<BR /><BR />I tried the query you gave with and operation. It did not seems to work.</P> Fri, 17 Jul 2020 16:59:29 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509755#M142479 deepakaakula 2020-07-17T16:59:29Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509758#M142480 Please explain "it did not seems to work". Did it work or did it not? What results did you get? What did you expect to get? Fri, 17 Jul 2020 17:18:13 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509758#M142480 richgalloway 2020-07-17T17:18:13Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509761#M142482 <P>sorry, please ignore my last message. I was querying it for different profile, and I got 0 events back.</P><P>&nbsp;</P><P>I checked with the correct profile, and it worked perfectly now.</P><P>&nbsp;</P><P>Thank you.</P> Fri, 17 Jul 2020 17:30:50 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/509761#M142482 deepakaakula 2020-07-17T17:30:50Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511871#M143532 <P>hi <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;</P><P>I thought the alert seems to be working fine,&nbsp; but today the disk usage hit 70%, but the alert has triggered twice. once for the 70% as expected, and also the 60% one. These are the queries I have right now.</P><P>Do you recommend any modifications?</P><P>&nbsp;</P><P>60% threshold query:&nbsp;&nbsp;&nbsp; "<STRONG>aws_account="cloud" "DSM: Current disk usage for account" (account_disk_quota &gt; 60 AND account_disk_quota &lt; 70 )</STRONG>"</P><P>&nbsp;</P><P>70% query:&nbsp;&nbsp; "<STRONG>aws_account="cloud" "DSM: Current disk usage for account" (account_disk_quota &gt; 70 AND account_disk_quota &lt; 80 )</STRONG>"</P> Fri, 31 Jul 2020 01:09:36 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511871#M143532 deepakaakula 2020-07-31T01:09:36Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511923#M143548 This seems normal to me. On the way to 70% usage, the disk would reach 60% usage, would it not? Fri, 31 Jul 2020 13:16:21 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511923#M143548 richgalloway 2020-07-31T13:16:21Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511924#M143549 <P>Right, but the disk was at 60% from last 2 weeks, and yesterday evening it reached 70%.<BR />So every time there is an increase in the 70% range, I get alerted twice from 60% and 70% monitors.</P> Fri, 31 Jul 2020 13:21:38 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511924#M143549 deepakaakula 2020-07-31T13:21:38Z https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511939#M143554 I think I understand, but I don't have a suggestion. Sorry. Fri, 31 Jul 2020 14:44:33 GMT https://community.splunk.com/t5/Splunk-Search/query-the-number-between-a-range/m-p/511939#M143554 richgalloway 2020-07-31T14:44:33Z