Alerting

Trigger an email alert when status code is other than 200

Bala
Explorer

Hi Team,

i want to configure an mail alert when the status code is 400,401, 500... which means other than 200 trigger the alert. check every 30 min once.

Bala_0-1642672563175.png

 

Labels (1)
Tags (1)
0 Karma

sajohnson6
Explorer

I agree with Skrajkumar, the only other suggestions I would offer is if you are looking for an http status code, I would do status!=2*, that way it ignores all 2xx HTTP responses.

0 Karma

skrajkumar_splu
Splunk Employee
Splunk Employee

Try scheduling an alert with condition "|search status !=200" with a cron schedule of  "*/30 * * * *".

Settings->Searches, Reports, and Alerts ->new alert

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...