How to use Splunk to create an alert to Glip

jpage1944 · ‎10-02-2019

The process has been to set up an alert to look back 1 minute with a snap to the start and end of the minute.
This process would not trigger on all log entries. The process was changed to a 5 minute process that would look back 5 minutes and process every log entry.

This would still not report all log entries. One minute look back schedule missed a small number of entries but with a 5 minute look back it is missing large sections of entries.
When I run the SPL query in Splunk it shows the missing log entries that should be in Glip.

How can I get Splunk to trigger an action on all log entries with no more than a 5 minute look back? [Search 5min Configuration]

(https://i.stack.imgur.com/RmEaq.png)

jpage1944 · ‎11-08-2019

The receiving end was overloaded it would drop splunk webhook requests.

jpage1944 · ‎10-03-2019

evzhang thanks for the edits but you have no advice on how to get a hundred % accuracy?

How to use Splunk to create an alert to Glip

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to use Splunk to create an alert to Glip

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...