Solved: Alert Based on the output results

kirangurram · ‎09-23-2019

Hello Experts ,
I have a splunk query which is giving me average response time using the filed "process_time".
I want to create an Alert when output of this query is > 2 seconds. Please advice , how I could setup this alert.
I tried multiple options they didint work. I tried to add | where process_time > 2. but this option didnt work.

query | stats avg(process_time)

Output :
avg(process_time)
0.07894736842105263

harsmarvania57 · ‎09-23-2019

Hi,

Please try below

<yourSearch> 
| stats avg(process_time) as avg_process_time
| where avg_process_time > 2

View solution in original post

harsmarvania57 · ‎09-23-2019

Hi,

Please try below

<yourSearch> 
| stats avg(process_time) as avg_process_time
| where avg_process_time > 2

kirangurram · ‎09-23-2019

This works like a charm ... Thanks

kamlesh_vaghela · ‎09-23-2019

@kirangurram
try this

query | stats avg(process_time) as process_time | where process_time > 2

kirangurram · ‎09-23-2019

This works like a charm ... Thanks

Alert Based on the output results

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7