All Apps and Add-ons

Website Monitoring: What are the default units for the website search? milliseconds?

syjl
New Member

Our web sites seem to alert no matter what, even though it is under the 1000 ms in the macro. Is it alerting based on this search which was cloned from the default website monitoring search? If so, what needs to be changed? It appears that this statement may be at 1-3 milliseconds.

eval time_exceeded=if(response_time>`response_time_threshold`,1,0) | eval avg_time_exceeded=if(avg_response_time>`response_time_threshold`,1,0) | eval response_time=round(response_time, 3)." ms" | eval average=round(avg_response_time, 2)." ms" | eval maximum=round(max_response_time, 2)." ms" | eval range=round(min, 0)." - ".round(min+range, 0)." ms" | table title url response_code last_checked time_exceeded response_time avg_time_exceeded average range sparkline_response_time  | `timesince(last_checked,last_checked)`
0 Karma

LukeMurphey
Champion

The search that you are using doesn't filter out results that are within the threshold. For alerting, you want a search that only returns results when a problem is identified (zero results when there are zero problems).

The app comes with a search named "website_performance_problems" which is intended for this type of alerting. I recommend using or cloning that one since it filters results unless they exceed the timeout or indicate a failure (like an problematic return code).

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...