Splunk is not generating alert for normal stats co...

ashikuma · ‎01-10-2019

Splunk is not generating alert for normal stats count output 7.0.0.

index=my_index "Response code -401" | stats count - after that I am saving this as result and keeping TH when it's count is greater than 10 , I need alert, but it's not working , not triggering alert after breaching TH. all other conditions are configured properly.

Is this common issue with stats command that we can't have alert for any string count ?

hijacob · ‎01-10-2019

Hi,

please have a look at https://answers.splunk.com/answers/453071/my-alert-is-not-working-how-do-i-troubleshoot.html

I hope you ca solve your problem.

Greetings
Jacob

ashikuma · ‎01-10-2019

My alert setting are same , but I just want to know by we are doing stats count for any string and scheduling that as alert, why that is not working .
When I do like index=my_index "Response code -401" | stats count by host - then it's working but I don't need count by host.

I have to set TH on overall (index=my_index "Response code -401" | stats count ) value when TH exceeds more than 10 or any value but not zero.

Please suggest..

Splunk is not generating alert for normal stats count output 7.0.0

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation