Alert Setup - Based on percentages

New Member

Hi 'am trying to setup an alert to trigger based on percentage. But couldn't find the options for the same. Please could you assist me.

For eg:

An alert should trigger if the failure event >=5% of the total events.

Total events = 100
Failure events = 6
Success events = 94

In above case, an alert should be triggered since the failure event is >=5%.

Tags (1)
0 Karma

Path Finder

Here is my illustration

I create 2 tags

Bad_End totalParts=0, totalParts=1

Good_End totalParts=2, totalParts=3, totalParts=4

Executing this search on my filtered target

| top tag::totalParts


tag::totalParts count percent

1 Bad_End 34 1.816239

2 Good_End 1838 98.183761

I would like to Alert based on Good_End being smaller than 97%

I saved the search and would like assistance with the Custom Conditional search expression that would trigger and Alert.

0 Karma

 | eval percentage=((failureevents/successevents)*100) | where percentage>=5

If you could paste some example data it would be easier to give a more accurate answer 🙂
The above is roughly what you want to be doing to produce a percentage that you could perform an alert on

Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...