Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk is not generating alert for normal stats count output 7.0.0

ashikuma
Explorer
‎01-10-2019 05:03 AM

Splunk is not generating alert for normal stats count output 7.0.0.

index=my_index "Response code -401" | stats count - after that I am saving this as result and keeping TH when it's count is greater than 10 , I need alert, but it's not working , not triggering alert after breaching TH. all other conditions are configured properly.

Is this common issue with stats command that we can't have alert for any string count ?

Tags (1)
0 Karma
Reply

hijacob
Communicator
‎01-10-2019 05:58 AM

Hi,

please have a look at https://answers.splunk.com/answers/453071/my-alert-is-not-working-how-do-i-troubleshoot.html

I hope you ca solve your problem.

Greetings
Jacob

0 Karma
Reply

ashikuma
Explorer
‎01-10-2019 06:19 AM

My alert setting are same , but I just want to know by we are doing stats count for any string and scheduling that as alert, why that is not working .
When I do like index=my_index "Response code -401" | stats count by host - then it's working but I don't need count by host.

I have to set TH on overall (index=my_index "Response code -401" | stats count ) value when TH exceeds more than 10 or any value but not zero.

Please suggest..

0 Karma
Reply
Get Updates on the Splunk Community!

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...