How to create custom trigger alerts if any new ent...

shwetas · ‎04-06-2018

I am running below query to fetch the data of Database and wants to trigger an alert if any new entry has been made to that particular table.

**Query:**|dbxquery connection="***" query="select * from [IntegrationSplunk].[dbo].MGL_With_LZRL"|table "Application_Name" "APP_ID" "Database_Name" "Operating_System" "HostName" "Location" "Landing_Zone" "R_Lane" "Size_Of_Data" "Planned_End_Date" "Planned_Start_Date" "State" | rename "Landing_Zone" as LandingZone, "Application_Name" as ApplicationName, "Size_Of_Data" as SizeofData, "Planned_End_Date" as PlannedEndDate, "Planned_Start_Date" as PlannedStartDate, "APP_ID" as ApplicationID, "Operating_System" as OperatingSystem

And set up below alert criteria in GUI:

Alert Type:cSchedule
Run on Cron schedule
Time Range:cAll TIme
Crom Expressiom:*/5 * * * *

Trigger Conditions
Trigger alert when
    Number of Results
    is greater than 0
Trigger  For each result

The above settings are creating change continuously however I was looking for one change for each result.

Please advise how this can be achieved.

Regards,
Shweta

p_gurav · ‎04-06-2018

This may help:

https://answers.splunk.com/answers/511012/how-to-create-a-splunk-alert-upon-new-database-tab.html

How to create custom trigger alerts if any new entry has been made?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation