Alerting

How to create an Alert when the system gives 0 results?

rashi83
Path Finder

Hi,

Need to create an Alert where, if a Search produces zero results, then an alert should be sent; this should be checked every 15 mins. Is there any internal log file on which this alert can be created so that it doesn't create overhead on the system?


jaime_ramirez
Communicator

Hi

You can check the results given by an alert with the following:

index=_internal sourcetype="scheduler" search_type=scheduled savedsearch_name="Your alert name"
| where result_count=0

Hope it helps.
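As an added example (not from the original thread), two savedsearches.conf stanzas that put this approach into practice: the watched search has to be scheduled so the scheduler records a result_count for each run, and a second alert reads that record from index=_internal every 15 minutes. The stanza names, the watched search, the cron offsets and the recipient address are placeholders.

```ini
# 1. The search being watched. It must itself be scheduled: the scheduler then
#    writes one SavedSplunker line per run to index=_internal sourcetype=scheduler,
#    including result_count=<n>, which is what the meta-alert reads.
[Watched Search]
search = index=app_logs sourcetype=heartbeat
dispatch.earliest_time = -15m
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0,15,30,45 * * * *

# 2. The meta-alert. It never re-runs the watched search; it only queries the
#    scheduler's own log, so the extra load is one small search over _internal.
#    latest(result_count) picks the most recent run inside the window, and
#    status=success excludes skipped runs, which carry no real result count.
[Alert - Watched Search returned nothing]
search = index=_internal sourcetype=scheduler search_type=scheduled savedsearch_name="Watched Search" status=success | stats latest(result_count) AS result_count BY savedsearch_name | where result_count=0
dispatch.earliest_time = -20m
dispatch.latest_time = now
enableSched = 1
# Offset by a few minutes so the watched search has finished before we look.
cron_schedule = 5,20,35,50 * * * *
# Fire when the meta-search itself returns at least one row (a zero-result run).
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = soc@example.com
```

Check the meta-search manually first with the same time window; if the watched search has not run yet in that window, the stats step returns nothing and the alert stays silent rather than firing on missing data.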
