Alerting
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom alert trigger condition for passing time amount

ryhluc01
Communicator
‎12-19-2018 01:57 PM

Hi all,

I need to set up an alert condition to notify me if the report doesn't generate data for more than 5 minute's

stats max(_time) as "Last Report Run" by reltime|dedup "Last Report Run" |convert timeformat=%l:%M%p ctime("Last Report Run")|rename reltime as "Time Since Last Report"|sort -"Time Since Last Report"

0 Karma
1 Solution
Solved! Jump to solution
Solution

ryhluc01
Communicator
‎12-26-2018 08:31 AM

Answering my own question: This result can be achieved by specifying the number or results as the trigger condition.

View solution in original post

0 Karma
Solved! Jump to solution
Solution

ryhluc01
Communicator
‎12-26-2018 08:31 AM

Answering my own question: This result can be achieved by specifying the number or results as the trigger condition.

0 Karma
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-26-2018 10:51 AM

@ryhluc01 If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 3)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top