Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I set a trigger condition on a Splunk report like you would when creating an alert?

a843687
New Member
‎07-21-2022 03:39 PM

How do I set a "Trigger Condition" on a Splunk report like you would  when creating an alert?

My issue is that I have created a report that I want to generate an email from when Number of Results = 0 ie, when no file has been uploaded/detected.

Some people would argue why don't I just create an alert instead? My dilemma is, with an alert it won’t let you add a "Time Range" as I want my daily report to track the previous 7 day time range 

My search string looks like this:

index=it_sts_xfer_prod_us xferPath="*GIDM*" OR xferPath="*sailpnt*" OR xferPath="*identity*" OR xferPath="*InternalAudit*" xferFile="FILENAME.csv" | eval _time=_time-xferSecs | convert ctime(_time) as Time timeformat=%m/%d/%y

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-21-2022 05:22 PM

Reports don't have triggers.  They always send their results.

Alerts have triggers.  They also have time ranges.

richgalloway_0-1658449351724.png

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...