All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Creating threshold alerts.

paul_1994
Path Finder
‎05-16-2013 05:00 PM

I had a request to provide the alert below and I am trying to figure out the best way to tackle it.

run this query every 5 minutes and response time >2000 for more than 10 occurrences then raise email to below group also if possible please plot the timechart with this query

index=xxx_logs service_name=cix* operation=GetTypeFrom* Transaction_time>2000  | timechart max(Transaction_time) by operation

Thanks in Advance!

Update:

I created an alert to run every 5min and to alert if threshold reaches over 10 occurrences.

Tags (1)
0 Karma
Reply

kristian_kolb
Ultra Champion
‎05-17-2013 12:55 AM

Hi, the query below would give you a table of operations that have exceeded 2000 (ms?) more than 9 times for the time period searched. I'm not exactly sure that that's what you're asking for, but I think so.

index=xxx_logs service_name=cix* operation=GetTypeFrom* Transaction_Time > 2000 |stats c by operation | where c>9

If you want to make a chart of that, you could replace the stats with a timechart span=5min

Hope this helps,

K

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...