Reporting

Spam Alert

Splunker4Life
Explorer

Hi all,

I want to set up a spam alert in Splunk that will notify me if we receive excessive emails from a certain source eg 200 emails within a 1 hour timeframe.

I was wondering if such an alert can be made and if so some guidance on how to do so.

Thanks in Advance

Tags (2)
0 Karma
1 Solution

lguinn2
Legend

Sounds like you want to define a scheduled alert.

First, figure out the search that will identify spam. Maybe something like this

sourcetype=myemail | stats count by mailerDomain | where count >= 200

Then click "Create Alert" from the pull-down menu on the right, and follow the directions in the documentation. The search that I have given would trigger an alert if you used the conditions "number of results > 0"

HTH

View solution in original post

0 Karma

lguinn2
Legend

Sounds like you want to define a scheduled alert.

First, figure out the search that will identify spam. Maybe something like this

sourcetype=myemail | stats count by mailerDomain | where count >= 200

Then click "Create Alert" from the pull-down menu on the right, and follow the directions in the documentation. The search that I have given would trigger an alert if you used the conditions "number of results > 0"

HTH

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...