
Create an alert based on SQL query results from DB Input

vchitrala
New Member

Hi,
I'm new to Splunk, and I'm using DB Connect V2. I want to create an alert based on a query in a DB Input; I have a field called 'Duration_Hrs'.
I want to trigger an email chain if the duration exceeds 24 hours. What are the detailed steps I need to follow?


jnussbaum_splun
Splunk Employee

You'll first want to construct a search that returns results that you'd like to be alerted on:

Example (assuming you're indexing the data from your DB, and you'd like all fields present in your alert):

    index=my_db_index Duration_Hrs>24 | table *

Then: Save As -> Alert

There are a dozen or so fields you'll want to fill out within the "Save As Alert" box. I'd suggest reading the following: http://docs.splunk.com/Documentation/Splunk/latest/Alert/Definescheduledalerts . There are time windows and intervals you'll want to set to capture data in your required manner.


hemendralodhi
Contributor

Hello,

If we are directly running the query against the DB and not indexing the data, will it send an alert? I am trying to set up an alert for this, but it is not sending any data content. Only an email with "Search Complete" is coming.
I tried with sendresult=true inline=true sendcsv=true also.

Thanks
Hemendra
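Putting the accepted answer's steps and the email-content options from the comment above into one place, here is the savedsearches.conf stanza that "Save As -> Alert" writes for such an alert. This is an added example, not configuration from the thread or from Splunk's own docs; the index name, connection name, table name and recipient address are assumptions, and the dbxquery line is an assumed DB Connect v2 search for the non-indexed case.

```ini
# savedsearches.conf in an app's local/ directory (constructed example).
# Assumed names: my_db_index, my_db_conn, jobs, ops-team@example.com
[Duration_Hrs over 24h]
# Indexed case: the search from the answer above.
search = index=my_db_index Duration_Hrs>24 | table *
# Non-indexed case (assumed DB Connect v2 syntax): run the SQL live instead.
# search = | dbxquery connection="my_db_conn" query="SELECT * FROM jobs WHERE Duration_Hrs > 24" | table *

# Schedule: every 15 minutes, looking back over the last 15 minutes.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Trigger condition: fire when the search returns at least one row.
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.track = 1
alert.suppress = 0

# Email action: the conf-file equivalents of sendresults / inline / sendcsv.
action.email = 1
action.email.to = ops-team@example.com
action.email.subject = Duration_Hrs exceeded 24 hours
action.email.sendresults = 1
action.email.inline = 1
action.email.sendcsv = 1
```

Before relying on the email body, confirm that the scheduled search itself returns rows over its dispatch window: for a live dbxquery the SQL, not the alert's time range, decides what comes back, and an email with no content is what the action produces when the triggering run had nothing to attach.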
