Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I set a trigger condition on a Splunk report like you would when creating an alert?

a843687
New Member
‎07-21-2022 03:39 PM

How do I set a "Trigger Condition" on a Splunk report like you would  when creating an alert?

My issue is that I have created a report that I want to generate an email from when Number of Results = 0 ie, when no file has been uploaded/detected.

Some people would argue why don't I just create an alert instead? My dilemma is, with an alert it won’t let you add a "Time Range" as I want my daily report to track the previous 7 day time range 

My search string looks like this:

index=it_sts_xfer_prod_us xferPath="*GIDM*" OR xferPath="*sailpnt*" OR xferPath="*identity*" OR xferPath="*InternalAudit*" xferFile="FILENAME.csv" | eval _time=_time-xferSecs | convert ctime(_time) as Time timeformat=%m/%d/%y

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-21-2022 05:22 PM

Reports don't have triggers.  They always send their results.

Alerts have triggers.  They also have time ranges.

richgalloway_0-1658449351724.png

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...