Solved: Spam Alert

Splunker4Life · ‎01-08-2013

Hi all,

I want to set up a spam alert in Splunk that will notify me if we receive excessive emails from a certain source eg 200 emails within a 1 hour timeframe.

I was wondering if such an alert can be made and if so some guidance on how to do so.

Thanks in Advance

lguinn2 · ‎01-08-2013

Sounds like you want to define a scheduled alert.

First, figure out the search that will identify spam. Maybe something like this

sourcetype=myemail | stats count by mailerDomain | where count >= 200

Then click "Create Alert" from the pull-down menu on the right, and follow the directions in the documentation. The search that I have given would trigger an alert if you used the conditions "number of results > 0"

HTH

View solution in original post

lguinn2 · ‎01-08-2013

Sounds like you want to define a scheduled alert.

First, figure out the search that will identify spam. Maybe something like this

sourcetype=myemail | stats count by mailerDomain | where count >= 200

Then click "Create Alert" from the pull-down menu on the right, and follow the directions in the documentation. The search that I have given would trigger an alert if you used the conditions "number of results > 0"

HTH

Spam Alert

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation