How do I create a temperature threshold that send ...

babs101 · ‎04-26-2012

I have got my parameter defined in this for

index=main sourcetype="temperature" "30"

When I did my search I got a result in this format.
4/26/12
4:57:39.000 PM

UPS1 Warm: 28 UPS2 Cool: 30
but I need it to display the cool temperature when it is >29 using this command format
index=main sourcetype="temperature" "30"

sdaniels · ‎04-26-2012

If you do a field extraction on the values, you'll be able to search how you want. This should work for you. Place this in a props.conf file (create one if it doesn't exist) in your 'SPLUNK_HOME\etc\apps\users\(username)\local' directory.

EXTRACT-UPS1_temp = (?i) UPS2\s\S+\s(?P[^ ]+)

EXTRACT-UPS2_temp = (?i) UPS2\s\S+\s(?P[^ ]+)

Then you can do a search like this ... | where UPS1_temp > 29. You can also extract out the Warm, Cold values and use those as well.

Here's the docs on extracting new fields
http://docs.splunk.com/Documentation/Splunk/latest/User/ExtractNewFields

How do I create a temperature threshold that send alert at 30 degrees

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation