https://community.splunk.com/t5/Splunk-Search/How-to-create-alert-on-if-log-message-does-not-appear/m-p/653629#M225869 <P>Hi,</P><P>I was dealt with a similar scenario.</P><P>I would use a lookup to get a list of servers. I would also add the threshold to the lookup (host, threshold) to future-proof it.</P><P>Then you can append the list and do some dudup/stats magic; or start with inputlookup and join your search.&nbsp;</P><P>smurf</P> Tue, 08 Aug 2023 22:23:17 GMT smurf 2023-08-08T22:23:17Z https://community.splunk.com/t5/Splunk-Search/How-to-create-alert-on-if-log-message-does-not-appear/m-p/653626#M225868 <P>Hi,</P> <P>I have a splunk source which does have data ingestion from multiple servers, i want to setup an alert on that source on a specific condition that if a particular message does not appear for 6 hour alert should be triggered</P> <P>below is an example to search the string</P> <P>&nbsp;index=index1 source = source1 host=host1 "got the message"</P> <P>so if i dont find the message "got the message" for 6 hours i want to trigger an alert .</P> Wed, 09 Aug 2023 16:23:35 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-alert-on-if-log-message-does-not-appear/m-p/653626#M225868 batham 2023-08-09T16:23:35Z https://community.splunk.com/t5/Splunk-Search/How-to-create-alert-on-if-log-message-does-not-appear/m-p/653629#M225869 <P>Hi,</P><P>I was dealt with a similar scenario.</P><P>I would use a lookup to get a list of servers. I would also add the threshold to the lookup (host, threshold) to future-proof it.</P><P>Then you can append the list and do some dudup/stats magic; or start with inputlookup and join your search.&nbsp;</P><P>smurf</P> Tue, 08 Aug 2023 22:23:17 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-alert-on-if-log-message-does-not-appear/m-p/653629#M225869 smurf 2023-08-08T22:23:17Z