Newbie to Splunk
Can I create an alert displayed in the Splunk app that looks like the "indexing volume exceeded" alert from Splunk? I am not using real-time dashboards. When I am uploading a file containing some unexpected termination, can I create an alert to the user like "Unexpected termination found in the file."?
Will a basic Perl script like this work, or do I have to continue exploring Splunk Perl scripts?
#!/splunk/bin/scripts
if ($termination eq "UNEXPECTED") {
    print "UNEXPECTED TERMINATION FOUND IN FILE!!!!!! ";
}
Hope this information explains my query.
Thank You
Bella
Can appending some scripts or plugins do the job of creating an alert message in the dashboard itself?
Wow Bella, I too have the same requirement. Did you find a way?
I was in search of an app or plugin that can help me to do this 😞 ... all in vain, I guess.
I see this Bella - how confident do you feel about building your first dashboard? The search part is easy. Given that this may not be the last item you need to know about, it would merit the learning curve. I'm just going to check out 2 other (already built) plug-ins which might do that for you.
Dave, I could see only email alerts and alerts in the alert manager. How could I do exactly what I am in need of?
Bella, check out http://docs.splunk.com/Documentation/Splunk/latest/Search/Whatsinthismanual and http://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts reference points. I'm looking for the link to David Carasso's Exploring Splunk which I would recommend, it's an excellent resource when you are finding your feet. If that doesn't completely meet your needs then post a question back. If a new question is different to the content above then post it as new, but obviously don't duplicate content - it gets confusing for those trying to help.
Good luck and welcome to this new world! 😉
D
Found it: http://www.splunk.com/goto/book
Btw, David C's work and recommendations are available at http://www.innovato.com/splunk/
Yes it is...wait 1 and I'll find the resource links...
Dave,
Is it possible to do this?
I'm not specific about the banner area. It can be an alert box or a new window, something like that, but it should trigger when I am searching source="that log file".
Bella,
Just to get this straight: your file contains error warning messages and you would like to see any such conditions in the Splunk banner warning message area?
If your data from the file is being indexed ok, and you write a simple search to run at time of your choice containing that message verbatim, you would get your result, but not as yet in the banner - but could via usual notifications. The search can be scheduled - it doesn't have to wait for you to kick it off from the GUI. Is that what you mean?
Br
D
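The scheduled search described in the reply above, sketched as a savedsearches.conf stanza. This is an added example, not part of the original thread; the source path, the "UNEXPECTED" search string (taken from the Perl snippet in the question), the 15-minute schedule and the e-mail address are all assumptions to be replaced with real values.

```ini
# Assumed location: $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf
# Comments must sit on their own lines; Splunk .conf files do not support
# trailing comments after a value.

# The stanza name is the alert name shown to users.
[Unexpected termination found in the file]

# Match the message verbatim in the indexed file (placeholder path).
search = source="/path/to/that_log_file.log" "UNEXPECTED"

# Look only at events from the last 15 minutes on each run, so the
# search window lines up with the schedule and events are not re-alerted.
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Run on a schedule instead of waiting for someone to start it in the GUI.
enableSched = 1
cron_schedule = */15 * * * *

# Trigger when the search returns more than zero events.
counttype = number of events
relation = greater than
quantity = 0

# Record each trigger so it is listed in the alert manager.
alert.track = 1

# Usual notification path: send an e-mail when the alert fires.
action.email = 1
action.email.to = placeholder@example.com
action.email.subject = Unexpected termination found in the file
```

This surfaces the condition through the alert manager and e-mail, as the reply says; it does not place a message in the banner area.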