Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to find time delay between one log

muthukumar_covi
New Member
‎01-12-2020 09:54 PM

Hi, I'm new to Splunk, I have one log happens frequently, but sometimes log won't come for some short of time. I need to set alert when the log delay happens! how to do that?

That event having _time, host, source, and sourceType.

0 Karma
Reply

danan5
Path Finder
‎01-12-2020 11:15 PM

Hi,

This might help as a starting point. This looks for hosts that we have seen before and lists them if not seen for the last 24hours. It lisst host, sourcetype, index etc.

| tstats count as countAtToday latest(time) as lastTime where index!="*" by host sourcetype index
| eval age=now()-lastTime
| sort age d
| fieldformat lastTime=strftime(lastTime,"%Y/%m/%d %H:%M:%S") | eval age=round((age/60/60),1)
| search age>=24
| eval age=age."hour"
| dedup host

Adjust thresholds and save as an alert.

Regards,
David

0 Karma
Reply

muthukumar_covi
New Member
‎01-12-2020 11:35 PM

It's not working

0 Karma
Reply

to4kawa
Ultra Champion
‎01-12-2020 11:12 PM

Alert : CronExpressions@splunk>docs

It is recommended that you set the schedule, search periodically, and fire an alert if there is no log.
Please refer to the link

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...