How to create an alert if count is greater than or...

vrmandadi · ‎05-10-2022

I am trying to create an alert based on stats count value...I want to alert if count is less than or greater than 500

ITWhisperer · ‎05-10-2022

greater than or less than a particular number is the same as being not equal to that number. Is that what you want your alert triggered on?

vrmandadi · ‎05-11-2022

Yep.That is correct..So just use count!=500 ...is that the only thing needed

ITWhisperer · ‎05-11-2022

Yes - you'll probably need a custom action and the result you are comparing must be in the first row of the search results

vrmandadi · ‎05-12-2022

Got it Thanks

PickleRick · ‎05-12-2022

If you're only interested in count, you can simply formulate your search so that it does the stats count part but if it's different than 500 returns no results. Then you would simply alert whenever you got any result from your search.

But of course if you're interested in detailed view of those 500 events it won't work.

How to create an alert if count is greater than or less than a particular number?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

How to create an alert if count is greater than or less than a particular number?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine