Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Create alert if profit for previous month is less than 0, schedule it for last Friday for each month.

rajakabdual
New Member
‎04-19-2018 03:35 AM

please help me out from this.

index="sales" sourcetype="csv" source ="sales_new.csv" and my fields

date_month
date_mday
date_wday
Profit

Tags (1)
0 Karma
Reply

kmaron
Motivator
‎04-19-2018 05:41 AM

You could do something like this:

index="sales" sourcetype="csv" source ="sales_new.csv" earliest=-1mon@mon latest=@mon 
| stats sum(Profit) as MonthlyProfit by date_month 
| where MonthlyProfit < 0

You then set the trigger condition to be Number of Results > 1

The last Friday of the month is the hard part.

I believe in the cron expression you would need to put in the possible dates like this: 0 2 25-31 * 5

Which says to run the alert at 2 am on a Friday that falls between the 25th of the month and the 31st of the month.
However that only covers a Friday that happens on the 25th through the 31st. In the month of February the last Friday COULD be the 24th. But if you put the 24th in the Cron you could get a month like August of this year where Friday falls on the 24th AND the 31st. So that might take some .... planning on your part.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...