Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create an Alert when the system gives 0 results?

rashi83
Path Finder
‎08-05-2019 01:39 PM

Hi,

Need to create a Alert where if Search produces zero results then alert should be send , this should be checked every 15 mins. Is there any internal log file on which this alert can be created so that it doesn't create overhead on the system.

Tags (2)
0 Karma
Reply

jaime_ramirez
Communicator
‎08-05-2019 02:07 PM

Hi

You can check the results given by an alert with the following:

index=_internal sourcetype="scheduler" search_type=scheduled savedsearch_name="Your alert name"
| where result_count=0

Hope it helps.

Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...