Alerting

creating alerts

bellaed
Path Finder

Newbie to Splunk.
Can I create an alert displayed in the Splunk app that looks like the "indexing volume exceeded" alert from Splunk? I am not using real-time dashboards. When I am uploading a file containing some unexpected termination, can I create an alert to the user like "Unexpected termination found in the file."?
Will a basic Perl script like this work, or do I have to continue exploring Splunk Perl scripts?
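#!/splunk/bin/scripts

# Print a warning when the termination status is UNEXPECTED
# ($termination is assumed to be set elsewhere in the script)
if ($termination eq "UNEXPECTED") {
    print "UNEXPECTED TERMINATION FOUND IN FILE!!!!!! ";
}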

Hope this information explains my query.
Thank You
Bella

bellaed
Path Finder

Can appending some scripts or plugins do the job of creating an alert message in the dashboard itself?

0 Karma

katesplunk
Explorer

Wow Bella, I have the same requirement too. Did you find a way?

0 Karma

bellaed
Path Finder

I was in search of an app or plugin that can help me do this 😞 ... all in vain, I guess.

0 Karma

DaveSavage
Builder

I see this Bella - how confident do you feel about building your first dashboard? The search part is easy. Given that this may not be the last item you need to know about, it would merit the learning curve. I'm just going to check out 2 other (already built) plug-ins which might do that for you.

0 Karma

bellaed
Path Finder

Dave, I could see only email alerts and alerts in the alert manager. How could I do exactly what I am in need of?

0 Karma

DaveSavage
Builder

Bella, check out http://docs.splunk.com/Documentation/Splunk/latest/Search/Whatsinthismanual and http://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts reference points. I'm looking for the link to David Carasso's Exploring Splunk which I would recommend, it's an excellent resource when you are finding your feet. If that doesn't completely meet your needs then post a question back. If a new question is different to the content above then post it as new, but obviously don't duplicate content - it gets confusing for those trying to help.
Good luck and welcome to this new world! 😉
D

DaveSavage
Builder

Found it: http://www.splunk.com/goto/book
Btw, David C's work and recommendations are available at http://www.innovato.com/splunk/

0 Karma

DaveSavage
Builder

Yes it is...wait 1 and I'll find the resource links...

0 Karma

bellaed
Path Finder

Dave,
Is it possible to do this?

0 Karma

bellaed
Path Finder

I'm not specific about the banner area. It can be an alert box or a new window, something like that, but it should trigger when I am searching source="that log file".

0 Karma

DaveSavage
Builder

Bella,
Just to get this straight: your file contains error warning messages and you would like to see any such conditions in the Splunk banner warning message area?
If your data from the file is being indexed OK, and you write a simple search to run at a time of your choice containing that message verbatim, you would get your result, but not as yet in the banner - but could via usual notifications. The search can be scheduled - it doesn't have to wait for you to kick it off from the GUI. Is that what you mean?
Br
D

0 Karma
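
A scheduled search of the kind DaveSavage describes above can be saved as an alert in savedsearches.conf, so it shows up in the alert manager and can send the usual notifications. This is an added example, not part of the thread; the stanza name, source path, search term, schedule and e-mail address are assumptions.

```ini
# $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf
# Constructed example: stanza name, source path and search term are assumptions.
[Unexpected termination found in the file]

# Match the message text verbatim in the indexed file
search = source="/path/to/that_log_file" "UNEXPECTED"

# Run on a schedule instead of from the GUI:
# every 5 minutes, over the previous 5 minutes of events
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = @m

# Trigger when the search returns at least one event
counttype = number of events
relation = greater than
quantity = 0

# List each triggered alert in the alert manager
alert.track = 1
alert.severity = 4

# Do not fire again for an hour after the alert has triggered
alert.suppress = 1
alert.suppress.period = 1h

# Optional e-mail notification (placeholder address)
action.email = 1
action.email.to = user@example.com
action.email.subject = Unexpected termination found in the file
```

The search window matches the schedule interval so that each event is evaluated once; widen both together if indexing of the uploaded file can lag behind.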