Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk is not generating alert for normal stats count output 7.0.0

ashikuma
Explorer
‎01-10-2019 05:03 AM

Splunk is not generating alert for normal stats count output 7.0.0.

index=my_index "Response code -401" | stats count - after that I am saving this as result and keeping TH when it's count is greater than 10 , I need alert, but it's not working , not triggering alert after breaching TH. all other conditions are configured properly.

Is this common issue with stats command that we can't have alert for any string count ?

Tags (1)
0 Karma
Reply

hijacob
Communicator
‎01-10-2019 05:58 AM

Hi,

please have a look at https://answers.splunk.com/answers/453071/my-alert-is-not-working-how-do-i-troubleshoot.html

I hope you ca solve your problem.

Greetings
Jacob

0 Karma
Reply

ashikuma
Explorer
‎01-10-2019 06:19 AM

My alert setting are same , but I just want to know by we are doing stats count for any string and scheduling that as alert, why that is not working .
When I do like index=my_index "Response code -401" | stats count by host - then it's working but I don't need count by host.

I have to set TH on overall (index=my_index "Response code -401" | stats count ) value when TH exceeds more than 10 or any value but not zero.

Please suggest..

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...