Dashboards & Visualizations

alert from dashboard, based on a column value

ramyaashok
New Member

Hi,
I have a dashboard where a column "status" has text with success or failed. I want to set up an alert for every 15 mins if the value is failed. How can I achieve this in the XML code that I already have with the dashboard?

0 Karma

gcusello
SplunkTrust

Hi @ramyaashok,
let me understand your need:

  • you want to insert one or more values in a text box of a dashboard,
  • search on events using the content of this text box every 15 minutes;

Is this correct?

You could put the values to search in a lookup and use it for the search:

  • you have to create a lookup (called e.g. my_lookup.csv) where there's only one field (called e.g. pattern);
  • if the value is in your events in one specified and fixed field (called e.g. my_field), run a search like this:

    index=my_index [ | inputlookup my_lookup.csv | rename pattern AS my_field | fields my_field ]

  • if instead you don't have the value in your events in one specified and fixed field, run a search like this:

    index=my_index [ | inputlookup my_lookup.csv | rename pattern AS query | fields query ]

Use this search to create your alert, scheduled with the frequency you like (e.g. 15 minutes), and fire every time you have results.
If you like, you can also insert a threshold by adding a condition at the end:

    | stats count
    | where count>threshold

or manage the threshold in the alert.

Obviously, the first one is better!

Ciao.
Giuseppe

0 Karma
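
The scheduled alert described in the answer above could be saved as a `savedsearches.conf` stanza like the one below. This is an added example, not part of the original post; the stanza name, time window and e-mail recipient are assumptions, and the index, lookup and field names are the placeholders used in the answer.

```ini
# savedsearches.conf -- constructed example; stanza name and recipient are placeholders
[Lookup pattern match - 15 min]
# The subsearch turns every "pattern" row of my_lookup.csv into a my_field="<value>" term,
# OR-ed together, so the outer search only returns events matching a listed value.
search = index=my_index [ | inputlookup my_lookup.csv | rename pattern AS my_field | fields my_field ]

# Run every 15 minutes over the previous 15 minutes. Snapping both ends to the
# minute (@m) keeps consecutive runs from overlapping or leaving gaps.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m

# Trigger condition: fire whenever the search returns at least one event.
counttype = number of events
relation = greater than
quantity = 0

# Record the alert under Triggered Alerts and send an e-mail.
alert.track = 1
alert.severity = 3
action.email = 1
action.email.to = soc@example.com

# No throttling: every scheduled run that has results raises the alert.
alert.suppress = 0
```

If the search ends with `| stats count | where count>threshold` instead, the trigger condition stays the same, because the search then returns a result row only when the threshold is exceeded.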