Hello Members,
I have a requirement, in which i have 5 servers, in which i want to send and alert.
In which five server are :
a, b,c,d,e,f
I want to set an alert in which when the CPU utilization is high on server a --- then alert send to one specific email id @@abc.splunk.com and for the other 4 servers i want to send an alert on email group---xyz@splunk.com.
In splunk alert setting there is no option, we need to put through SPL by using the eval, but it is not working for me.
I have tried as below :
| eval condition_alert=if(server == "a", "abc.splunk.com", "xyz@splunk.com") --- it is not working
| eval condition_alert=if(LIKE(server,"%a%"),"abc.splunk.com", "xyz@splunk.com") --- it is also not working.
Please suggest me the solution.