Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

when splunk error count is more than a number

rajs115
Path Finder
‎11-11-2021 11:43 AM

Hi,

   I have a log file in splunk which reports the errors when ever something failed. Now i need to run a splunk query if a same error show up in Splunk more than 3 times in last 1 hour. If it happens i need to send an alert.

Can someone suggest me the query with time in it?

 

Thanks.

Labels (3)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-11-2021 12:33 PM

Your "specification" can be interpreted in many ways 🙂

Do you just want to search for some alert and find out if it's 3 or more events? Or maybe you can have several different kinds of alerts and want to know if any single one of them occurs more than 3 times.

 

0 Karma
Reply

rajs115
Path Finder
‎11-11-2021 12:37 PM

@PickleRick ,

 

   "Build failed" is what i need to check in each event logs over the last 1 hour. If its repeated more than 3 times(from 3 events) in last 1 hour i need to send an alert. I hope you get my question now 🙂 

 

Thanks.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-12-2021 08:11 AM

Just do your search for "Build Failed" and trigger the alert when number of results is greater than 2. Easy.

0 Karma
Reply

rajs115
Path Finder
‎11-12-2021 08:29 AM

sure @PickleRick . Thank you

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...