Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there any way to send an email alert after a certain value?

israalbo
New Member
‎03-10-2020 08:33 AM

I am displaying on a counter a value that basically counts the times a login has failed, but I would like to get an Email, every time that counter goes over 5, so that way I could monitor better what is going on or if it is an attack. Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-10-2020 08:50 AM

HI @israalbo,
you can use the same search to schedule an alert.
You have only to define:

  • frequency of execution,
  • time period of search,
  • threshold.

In the alert you can also set if the alert must be fired every time there's a value that exceed threshold or if there's a period, after alert, that the alert isn't executed again.

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-10-2020 08:50 AM

HI @israalbo,
you can use the same search to schedule an alert.
You have only to define:

  • frequency of execution,
  • time period of search,
  • threshold.

In the alert you can also set if the alert must be fired every time there's a value that exceed threshold or if there's a period, after alert, that the alert isn't executed again.

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

israalbo
New Member
‎03-10-2020 08:57 AM

Hi, I am new at Splunk, let me get this straight, inside the search I can get a report by email? Do you have any extra information in order to accomplish that? I would be very thankful!

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎03-10-2020 09:02 AM

HI @israalbo,
you can create your search and when you have to save it, you can choose as options:

  • an alert,
  • a dashboard panel,
  • a report.

if you choose Alert, Splunk opens a panel to set the alert options (frequency, activation, etc...) and the actions (email, script execution, etc...).

For more infos see at:
https://www.youtube.com/watch?v=0REbozaALX0
https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/Aboutalerts

Ciao.
Giuseppe

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...