Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to set an alert to find deviations from normal behavior when monitoring jobs in a SQL server?

DimkoBilanko
Explorer
‎11-15-2016 11:25 AM

I have SQL server, where are 6 SQL jobs and it's configured to write events to Windows journal every time when job is finished (it does not matter successfully or unsuccessfully).
Normal behavior is that events appears every 5 min for one job, 15 min for another, 7 min for another and etc (duration between events can be with a small deviation).

But sometimes, jobs can halt for a long time, therefore events will not appear.....

I need to setup an alert for such incidents, i.e. find deviation from normal behavior.

alt text

Preview file
112 KB
0 Karma
Reply

niketn
Legend
‎11-15-2016 11:01 PM

You can try the following which gives duration in minute for last event received for each SQL Job. You can setup alert for duration > SLA or specific JOB not found in the following result i.e. Number of Results < 6.

host=host08 SourceName="SQLAgentHost08" EventCode=208 SQL_JOB_NAME=* | stats count as Count max(_time) as LastReceived by SQL_JOB_NAME | eval LastReceivedTime=strftime(LastReceived,"%Y/%m/%d %H:%M:%S") | eval durInMin=round((now()-LastReceived)/60,1) | fields - LastReceived
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...