Alerting

How can we send the entire error stack from app logs to our email from splunk?

s0m073r
Engager

May I know if we have such an option to do this via Splunk? I guess Logstash would help in such scenarios, but I wanted to understand if this approach from Splunk will degrade Splunk's performance as well as whether it will create any overhead. I am new to Splunk, so I wanted to see: when an event occurs continuously 10 times within 1 min, I should be getting the error stack of one of those occurrences in my mail.

0 Karma

woodcock
Esteemed Legend

Splunk by default cannot do event aggregation in this way, HOWEVER, ArcSight, NiFi, and Cribl can. In the case of ArcSight, they do not charge for the use of their connectors, which do this aggregation function, but probably using them without using the entire product is a violation of their TOS. In the case of Cribl it is super easy, but it does cost money (let me know if you need help, we are a VAR). In the case of NiFi, it is complicated but free. The "right" answer is probably Cribl because it is specifically built for doing this kind of thing and connecting to Splunk.

0 Karma

to4kawa
Ultra Champion

About alerts

You can do it without any problems.
If you provide sample logs, we can also create a query.

0 Karma
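A concrete way to build what this thread asks for, written as an added example (not from the original thread or from Splunk's own docs) and assuming a sourcetype named `app:java`, log lines that start with a `2024-03-01 12:00:00,123`-style timestamp, and a recipient `oncall@example.com`: the props.conf stanza keeps each stack trace inside one event, and the savedsearches.conf stanza is the scheduled alert that emails one sample stack whenever an exception repeats 10 or more times within a minute.

```conf
# props.conf  (assumed sourcetype "app:java"; goes on the instance that parses the logs)
# Keep every line of a stack trace inside ONE event; otherwise first(_raw) below
# would only return the first line. Assumed line format: "2024-03-01 12:00:00,123 ERROR ..."
[app:java]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
TRUNCATE = 20000

# savedsearches.conf  (assumed stanza name and recipient address)
# Runs every minute over the previous whole minute and emails one sample stack per
# host/exception pair that was seen 10 or more times in that minute.
[App error burst - email one stack trace]
enableSched = 1
cron_schedule = * * * * *
dispatch.earliest_time = -1m@m
dispatch.latest_time = @m
search = sourcetype="app:java" (ERROR OR Exception) \
    | rex field=_raw "(?<exception>[\w.]+(?:Exception|Error))" \
    | fillnull value="unknown" exception \
    | stats count, first(_raw) AS sample_stack, min(_time) AS first_seen BY host, exception \
    | where count >= 10 \
    | eval first_seen = strftime(first_seen, "%Y-%m-%d %H:%M:%S") \
    | table host, exception, count, first_seen, sample_stack
# Trigger when the search returns any row (each row is already a burst of 10 or more).
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
# At most one mail per host/exception pair every 15 minutes, so a long burst does not flood the inbox.
alert.suppress = 1
alert.suppress.period = 15m
alert.suppress.fields = host,exception
action.email = 1
action.email.to = oncall@example.com
action.email.subject = Splunk alert: $result.exception$ x$result.count$ on $result.host$
action.email.inline = 1
action.email.sendresults = 1
action.email.format = table
```

Because the search runs once a minute over a one-minute window it adds little load on the search head and is not tied to the Splunk Web UI at all. A burst that straddles a minute boundary can be missed by these fixed windows; a `streamstats` sliding window would catch it at somewhat higher search cost.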

s0m073r
Engager

Thanks @to4kawa.
Will it degrade the performance of the Splunk UI in any way?
I am still working on the kind of logs to capture, but before trying to do this, I should understand if there will be any kind of performance issues on the Splunk end.

0 Karma

to4kawa
Ultra Champion

Performance depends on the amount of logs to be collected and the performance of the server.
I'm not that much of an expert, so check with your vendor for accuracy.

0 Karma