Alerting
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create an website monitoring alert?

Germaine1989
Engager
‎10-10-2022 11:15 PM

Hello,

I have some websites I monitor.
I want to receive an alert when a website is not available more than 15 minutes.
Can you help me create a query for that?

Labels (2)
Labels
0 Karma
Reply

GaetanVP
Contributor
‎10-11-2022 12:34 AM

Hello @gcusello,

I agree with you, just for my curiosity, would you setup the alert like this ?

GaetanVP_0-1665473552547.png

Thanks for your posts that I always enjoy to read !

Regards,
GaetanVP  

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 02:18 AM

Hi @GaetanVP,

yes, it's correct.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 12:20 AM

Hi @Germaine1989,

I suppose that when your website is down you don't have any log from it, in this case you can create a simple alert

index=<your_index> host=<your_host>

to run every 10 minutes, the alert must fire if you don't have results.

If instead you continue to have logs from that host, you have to identify the logs that demonstarte that the log is up, and then insert this additional condition to the above search.

Ciao.

Giuseppe

Reply

Germaine1989
Engager
‎10-11-2022 12:49 AM
  • Thanks for you answer.

    I dont know what you mean with your_index
    I don't have any specific index for the Website Monitoring Add on.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 02:16 AM

Hi @Germaine1989,

you surely archive the logs from the website in one or more indexes that I don't know: "<your_index>" means this or these index/es.

Ciao.

Giuseppe

 

0 Karma
Reply

Germaine1989
Engager
‎10-11-2022 02:50 AM

i have found something.

what can i set up as a condition?

Trigger Conditions

I want to trigger an alert when a website is failed more than 15 minutes.

Germaine1989_0-1665481813194.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 02:55 AM

@Germaine1989,

as I said, you have to create a search that usually has results, and that the condition "results=0" is the firing condition.

then you can create the alert firing with the condition results=0.

in the search you have to define a time period of 15 minutes and schedule the alert every 15 minutes.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
Top