Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to set an alert to find deviations from normal behavior when monitoring jobs in a SQL server?

DimkoBilanko
Explorer
‎11-15-2016 11:25 AM

I have SQL server, where are 6 SQL jobs and it's configured to write events to Windows journal every time when job is finished (it does not matter successfully or unsuccessfully).
Normal behavior is that events appears every 5 min for one job, 15 min for another, 7 min for another and etc (duration between events can be with a small deviation).

But sometimes, jobs can halt for a long time, therefore events will not appear.....

I need to setup an alert for such incidents, i.e. find deviation from normal behavior.

alt text

Preview file
112 KB
0 Karma
Reply

niketn
Legend
‎11-15-2016 11:01 PM

You can try the following which gives duration in minute for last event received for each SQL Job. You can setup alert for duration > SLA or specific JOB not found in the following result i.e. Number of Results < 6.

host=host08 SourceName="SQLAgentHost08" EventCode=208 SQL_JOB_NAME=* | stats count as Count max(_time) as LastReceived by SQL_JOB_NAME | eval LastReceivedTime=strftime(LastReceived,"%Y/%m/%d %H:%M:%S") | eval durInMin=round((now()-LastReceived)/60,1) | fields - LastReceived
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...