Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create custom trigger alerts if any new entry has been made?

shwetas
Explorer
‎04-06-2018 01:42 AM

I am running below query to fetch the data of Database and wants to trigger an alert if any new entry has been made to that particular table.

**Query:**|dbxquery connection="***" query="select * from [IntegrationSplunk].[dbo].MGL_With_LZRL"|table "Application_Name" "APP_ID" "Database_Name" "Operating_System" "HostName" "Location" "Landing_Zone" "R_Lane" "Size_Of_Data" "Planned_End_Date" "Planned_Start_Date" "State" | rename "Landing_Zone" as LandingZone, "Application_Name" as ApplicationName, "Size_Of_Data" as SizeofData, "Planned_End_Date" as PlannedEndDate, "Planned_Start_Date" as PlannedStartDate, "APP_ID" as ApplicationID, "Operating_System" as OperatingSystem

And set up below alert criteria in GUI:

Alert Type:cSchedule
Run on Cron schedule
Time Range:cAll TIme
Crom Expressiom:*/5 * * * *

Trigger Conditions
Trigger alert when
    Number of Results
    is greater than 0
Trigger  For each result

The above settings are creating change continuously however I was looking for one change for each result.

Please advise how this can be achieved.

Regards,
Shweta

0 Karma
Reply

p_gurav
Champion
‎04-06-2018 03:04 AM

This may help:

https://answers.splunk.com/answers/511012/how-to-create-a-splunk-alert-upon-new-database-tab.html

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...