Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create an alert for increase in traffic?

Shashank_87
Explorer
‎05-13-2020 09:35 AM

Hi,

I am trying to create an alert where if there is a sudden traffic increase on the site with 404's it should get triggered. Instead of number I think writing an alert based on the percentage of traffic would be effective to avoid false positives.

For example, I have X number of traffic at 14:00 and Y number of traffic at 14:30 then we should have an alert at 15:00 if the percentage is very high let's say > 20%

index=test_env host=server-1* status=404

Any guidance is appreciated.

Labels (1)
Labels
0 Karma
Reply

to4kawa
Ultra Champion
‎05-13-2020 12:35 PM 
index=test host=server-1* status=404
| timechart count span=30min by host
| untable _time host counts
| streamstats current=f last(counts) as prev by host
| eval diff = counts - prev
| eval perc = diff / counts * 100

please modify perc calculation.

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...