Re: Create alert if profit for previous month is l...

rajakabdual · ‎04-19-2018

please help me out from this.

index="sales" sourcetype="csv" source ="sales_new.csv" and my fields

date_month
date_mday
date_wday
Profit

kmaron · ‎04-19-2018

You could do something like this:

index="sales" sourcetype="csv" source ="sales_new.csv" earliest=-1mon@mon latest=@mon 
| stats sum(Profit) as MonthlyProfit by date_month 
| where MonthlyProfit < 0

You then set the trigger condition to be Number of Results > 1

The last Friday of the month is the hard part.

I believe in the cron expression you would need to put in the possible dates like this: 0 2 25-31 * 5

Which says to run the alert at 2 am on a Friday that falls between the 25th of the month and the 31st of the month.
However that only covers a Friday that happens on the 25th through the 31st. In the month of February the last Friday COULD be the 24th. But if you put the 24th in the Cron you could get a month like August of this year where Friday falls on the 24th AND the 31st. So that might take some .... planning on your part.

Create alert if profit for previous month is less than 0, schedule it for last Friday for each month.

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

Are you a member of the Splunk Community?

Create alert if profit for previous month is less than 0, schedule it for last Friday for each month.

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!