All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to trigger alerts on value of a custom field

joydeep741
Path Finder
‎07-27-2015 09:29 AM

My results are like :-

200 423405 757168 846810 OK

201 5704 15009 11408 HIGH COUNT

206 17 14 34 OK

301 20646 31255 41292 OK

302 11509 26836 23018 HIGH COUNT

I want to trigger the alert if the last column has even one occurrence value as "HIGH COUNT" ?Any suggestions

0 Karma
Reply

dineshraj9
Builder
‎07-27-2015 09:37 AM

Extract it into a field and then add a filter for the value -

index=A sourcetype=B | rex "(\w+\s+){4}(?<COUNT_STATUS>.+)" | search COUNT_STATUS="HIGH COUNT"

If the number of events returned for the query is more than 0 would be the condition.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...