Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

alert when an increase of indexed data more than 10%

nikolab
Explorer
‎11-20-2015 06:01 AM

Hi
I know that you have been answered before something similarly, but..I need for my managemant set alert on splunk when indexed volume data are 10% higher than daily average.
We have a problems to detect which of ours sourcetypes, indexes or sources produce a high volume of data, so I need alert to notify me by email where is a problem.

thanks in advance

Nikola

Reply
1 Solution
Solved! Jump to solution
Solution

mreynov_splunk
Splunk Employee
Splunk Employee
‎11-20-2015 05:24 PM

In this answer you can get the daily volume: https://answers.splunk.com/answers/29415/daily-index-volume-by-sourcetype.html
You can run the same search for the day before and use eval to compare

View solution in original post

Reply
Solved! Jump to solution
Solution

mreynov_splunk
Splunk Employee
Splunk Employee
‎11-20-2015 05:24 PM

In this answer you can get the daily volume: https://answers.splunk.com/answers/29415/daily-index-volume-by-sourcetype.html
You can run the same search for the day before and use eval to compare

Reply
Solved! Jump to solution

nikolab
Explorer
‎11-23-2015 12:46 AM

Thanks..it is ok, and works fine. Now I can compare index or sourcetype with day or week before.
I have just one question...is it possible that splunk tell me which host ( and we have hundreds of them ) produces the greatest amount of data?
It would be very useful for quick response the problem.

thanks

Nikola

0 Karma
Reply
Solved! Jump to solution

nikolab
Explorer
‎11-20-2015 06:17 AM

And, alert is not a problem..my problem is good search which will give to me the comparison of volume data..avg and 10% higher

thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...