Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

set up alert

thinktanku
Explorer
‎06-24-2020 01:31 PM

Hello Team ,

 i need to set up alert when to condition meets i should get alert.
1st condition (string) - BEA-000337
2nd condition Started time is greater than 6000 ms

could you please help

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-25-2020 06:28 AM

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎06-24-2020 01:36 PM
Please provide some sample events and say what fields are extracted from them.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

thinktanku
Explorer
‎06-24-2020 01:58 PM

here is sample event : 

########################################################################

<Error> <WebLogicServer> <BEA-000337> <[STUCK] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "633" seconds working on the request Version: 0, Scheduled=false, Started=true, Started time: 11600000 ms


##########################################################################

when we get stuck thread . . BEA-000337 error code will always be there but tricky part i just need to get alert only when Started time: greater than 1000000 ms

 

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎06-25-2020 05:40 AM

You didn't include the fields that are extracted from this event so we may be doing this the hard way.

index=foo "BEA-000337"
| rex "Started time: (?<startedTime>\d+)"
| where startedTime > 1000000

Save this search as an alert and have the alert trigger when the number of results is not zero. 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

thinktanku
Explorer
‎06-25-2020 05:51 AM

thank you so much @  

Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-25-2020 06:28 AM

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...