I'm new to Splunk and I'm using DB Connect V2. I want to create an alert based on a query in a DB Input. I have a field called 'Duration_Hrs'.
I want to trigger an email chain if the duration exceeds 24 hours. What are the detailed steps I need to follow?
If we are directly running the query against the DB and not indexing data, will it send an alert? I am trying to set up an alert for this, but it is not sending any data content. Only an email with "Search Complete" is coming.
I also tried with sendresult=true inline=true sendcsv=true.