Reporting

How to create an automatic search report depending on dashboard results

sra1
New Member

I created a dashboard which will create a report and send the email every four hours; up to this point it is working fine. In my dashboard we are getting the percentage of each error code. Here my requirement is to create an automatic search if the percentage of any error code is greater than 1% in the dashboard, and those search events should also be sent by mail along with the dashboard.

Dashboard:
ERCD    count   percent
6664    6       1.81
6545    6       1.81
6544    38      1.06
2888    12      0.61
2012    2       0.60
4006    1       0.47

0 Karma

mayurr98
Super Champion

Well, a Splunk dashboard will not create a report automatically. What you can do is take the search query of this table and save it as a report.
You can try something like this for the threshold on percentage.
Step 1:

<copy query of the table you have generated in a dashboard> | where percentage>1

Step 2:

Save it as report.

Step 3:
Go to Reports >> Your_Report >> Edit >> Edit Schedule >> Schedule Report

There you can schedule the report and send it by email accordingly.

In order to send email, email configuration needs to be done!
If you have not configured email settings, then have a look at this doc:
http://docs.splunk.com/Documentation/Splunk/7.0.1/Alert/Emailnotification

Let me know if this helps!

0 Karma

sra1
New Member

Thanks for the reply mayur,

Here my requirement is to get the events of those ERCD where the percentage is greater than 1%.

ex:-
index=*(index name) ERCD=6664 OR ERCD=6544 OR ERCD=6545

0 Karma

mayurr98
Super Champion

Okay, so you can write something like this:

index=<index_name> ERCD=*
| eval even=ERCD % 2
| where even=0 AND percentage>1

Let me know if this helps!

0 Karma
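
An added example, not part of any post in this thread: one way to express the request as a single scheduled report in savedsearches.conf, returning the raw events of every ERCD whose share exceeds 1% and mailing them every four hours. It assumes the dashboard's percent is each ERCD's share of all events carrying an ERCD field in the search window; the stanza name, `<index_name>` and the recipient address are placeholders.

```ini
# savedsearches.conf - added example; stanza name, index and recipient are placeholders
[ERCD over 1 percent - events]
# eventstats keeps the raw events while attaching the totals to each one,
# so the final "where" filters events rather than a summary table
search = index=<index_name> ERCD=* \
| eventstats count AS total \
| eventstats count AS ercd_count BY ERCD \
| eval percent = round(ercd_count / total * 100, 2) \
| where percent > 1 \
| sort 0 - percent
# look at the same four-hour window the schedule covers
dispatch.earliest_time = -4h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 */4 * * *
# send mail only when at least one event belongs to an ERCD above 1%
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = ops@example.com
action.email.subject = ERCD above 1% in the last 4 hours
# include the matching events in the body of the mail
action.email.sendresults = 1
action.email.inline = 1
action.email.format = table
```

The same settings can be entered through Reports >> Edit Schedule in Splunk Web; email delivery still depends on the server's email configuration being in place.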