Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create custom trigger alerts if any new entry has been made?

shwetas
Explorer
‎04-06-2018 01:42 AM

I am running below query to fetch the data of Database and wants to trigger an alert if any new entry has been made to that particular table.

**Query:**|dbxquery connection="***" query="select * from [IntegrationSplunk].[dbo].MGL_With_LZRL"|table "Application_Name" "APP_ID" "Database_Name" "Operating_System" "HostName" "Location" "Landing_Zone" "R_Lane" "Size_Of_Data" "Planned_End_Date" "Planned_Start_Date" "State" | rename "Landing_Zone" as LandingZone, "Application_Name" as ApplicationName, "Size_Of_Data" as SizeofData, "Planned_End_Date" as PlannedEndDate, "Planned_Start_Date" as PlannedStartDate, "APP_ID" as ApplicationID, "Operating_System" as OperatingSystem

And set up below alert criteria in GUI:

Alert Type:cSchedule
Run on Cron schedule
Time Range:cAll TIme
Crom Expressiom:*/5 * * * *

Trigger Conditions
Trigger alert when
    Number of Results
    is greater than 0
Trigger  For each result

The above settings are creating change continuously however I was looking for one change for each result.

Please advise how this can be achieved.

Regards,
Shweta

0 Karma
Reply

p_gurav
Champion
‎04-06-2018 03:04 AM

This may help:

https://answers.splunk.com/answers/511012/how-to-create-a-splunk-alert-upon-new-database-tab.html

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...