Re: Creating threshold alerts.

paul_1994 · ‎05-16-2013

I had a request to provide the alert below and I am trying to figure out the best way to tackle it.

run this query every 5 minutes and response time >2000 for more than 10 occurrences then raise email to below group also if possible please plot the timechart with this query

index=xxx_logs service_name=cix* operation=GetTypeFrom* Transaction_time>2000  | timechart max(Transaction_time) by operation

Thanks in Advance!

Update:

I created an alert to run every 5min and to alert if threshold reaches over 10 occurrences.

kristian_kolb · ‎05-17-2013

Hi, the query below would give you a table of operations that have exceeded 2000 (ms?) more than 9 times for the time period searched. I'm not exactly sure that that's what you're asking for, but I think so.

index=xxx_logs service_name=cix* operation=GetTypeFrom* Transaction_Time > 2000 |stats c by operation | where c>9

If you want to make a chart of that, you could replace the stats with a timechart span=5min

Hope this helps,

K

Creating threshold alerts.

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Creating threshold alerts.

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk