Alerting

search within last 5 minutes


Hello,
I want to trigger an alert in Splunk where, if I don't have any data coming in within 5 minutes, Splunk sends out an alert.

I am using -5m@m and @m as the time range.

thanks

1 Solution


Not sure which part you need help with....

Create your search without a start and stop time.

Save the search.

Go to Manager > Searches and Reports.

In the Time Range, set Start to -5m@s and Finish Time to now.

Find the search you saved, open it, and select Schedule this Search.

For Schedule Type, select cron and enter */5 * * * *

For Alert Condition, select If Number Of Events, and set the condition to Is Less Than 1.

For Alert Actions, enable Send Email. Enter a subject and your email address.

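The same procedure written directly as a savedsearches.conf stanza, added here as an example and not part of the original answer. The stanza name, the index and sourcetype in the base search, and the recipient address are placeholders; everything else mirrors the settings the answer configures through Manager (5-minute window, cron every 5 minutes, alert when fewer than 1 event is returned, send email).

```ini
# Added example: a "no data in the last 5 minutes" alert as a savedsearches.conf
# stanza (put it in $SPLUNK_HOME/etc/apps/<app>/local/savedsearches.conf).
# Stanza name, index, sourcetype and email address are placeholders.
[no_data_last_5m]

# Base search with no earliest/latest in the SPL itself; the window comes from dispatch.* below.
search = index=main sourcetype=my_sourcetype

# Time range: Start -5m@s, Finish Time now
dispatch.earliest_time = -5m@s
dispatch.latest_time   = now

# Schedule type cron, every 5 minutes
enableSched   = 1
cron_schedule = */5 * * * *

# Alert condition: if number of events is less than 1
alert_type       = number of events
alert_comparator = less than
alert_threshold  = 1

# Alert action: send email
action.email         = 1
action.email.to      = secops@example.com
action.email.subject = No data from my_sourcetype in the last 5 minutes

# Record each firing under Activity > Triggered alerts
alert.track = 1
```

Older Splunk releases (the ones with the Manager > Searches and Reports UI shown in the answer) wrote the same condition with the keys counttype = number of events, relation = less than and quantity = 1; both spellings are accepted. After editing the file, restart Splunk or hit the debug/refresh endpoint so the scheduler picks up the stanza. One practical caveat: a 5-minute window polled every 5 minutes leaves no slack, so if the scheduler runs a search a few seconds late, a short burst of events can fall between two windows and produce a false "no data" email; widening dispatch.earliest_time slightly (for example -6m@s) avoids that, and the same applies to index-time lag from forwarders.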
