Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create custom trigger alerts if any new entry has been made?

shwetas
Explorer
‎04-06-2018 01:42 AM

I am running below query to fetch the data of Database and wants to trigger an alert if any new entry has been made to that particular table.

**Query:**|dbxquery connection="***" query="select * from [IntegrationSplunk].[dbo].MGL_With_LZRL"|table "Application_Name" "APP_ID" "Database_Name" "Operating_System" "HostName" "Location" "Landing_Zone" "R_Lane" "Size_Of_Data" "Planned_End_Date" "Planned_Start_Date" "State" | rename "Landing_Zone" as LandingZone, "Application_Name" as ApplicationName, "Size_Of_Data" as SizeofData, "Planned_End_Date" as PlannedEndDate, "Planned_Start_Date" as PlannedStartDate, "APP_ID" as ApplicationID, "Operating_System" as OperatingSystem

And set up below alert criteria in GUI:

Alert Type:cSchedule
Run on Cron schedule
Time Range:cAll TIme
Crom Expressiom:*/5 * * * *

Trigger Conditions
Trigger alert when
    Number of Results
    is greater than 0
Trigger  For each result

The above settings are creating change continuously however I was looking for one change for each result.

Please advise how this can be achieved.

Regards,
Shweta

0 Karma
Reply

p_gurav
Champion
‎04-06-2018 03:04 AM

This may help:

https://answers.splunk.com/answers/511012/how-to-create-a-splunk-alert-upon-new-database-tab.html

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...