https://community.splunk.com/t5/Splunk-Search/I-m-new-to-splunk-queries-and-how-to-create-an-alert-using-Linux/m-p/582981#M203008 <P>I need to write a Splunk alert to check number of connections on a server. Using below Linux command I can get the results on the server. But help me out in creating an alert on Splunk with the command.</P><P>ps -ef | grep '[s]shd' | grep -v ^root | grep -i <A href="mailto:phgservice@internal*" target="_blank" rel="noopener">file*</A> | wc -l</P> Fri, 28 Jan 2022 19:29:35 GMT Vin 2022-01-28T19:29:35Z https://community.splunk.com/t5/Splunk-Search/I-m-new-to-splunk-queries-and-how-to-create-an-alert-using-Linux/m-p/582981#M203008 <P>I need to write a Splunk alert to check number of connections on a server. Using below Linux command I can get the results on the server. But help me out in creating an alert on Splunk with the command.</P><P>ps -ef | grep '[s]shd' | grep -v ^root | grep -i <A href="mailto:phgservice@internal*" target="_blank" rel="noopener">file*</A> | wc -l</P> Fri, 28 Jan 2022 19:29:35 GMT https://community.splunk.com/t5/Splunk-Search/I-m-new-to-splunk-queries-and-how-to-create-an-alert-using-Linux/m-p/582981#M203008 Vin 2022-01-28T19:29:35Z https://community.splunk.com/t5/Splunk-Search/I-m-new-to-splunk-queries-and-how-to-create-an-alert-using-Linux/m-p/582996#M203011 <P>That's a pretty straightforward query in Splunk.&nbsp; However, do you have the equivalent to "ps -ef" logged in Splunk?&nbsp; If not, then the alert won't work.</P><P>Another option is to create a scripted input that executes that CLI command and logs the result in Splunk.&nbsp; Then you can alert on it.</P> Fri, 28 Jan 2022 21:53:53 GMT https://community.splunk.com/t5/Splunk-Search/I-m-new-to-splunk-queries-and-how-to-create-an-alert-using-Linux/m-p/582996#M203011 richgalloway 2022-01-28T21:53:53Z