Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

email alert condition

jvmerilla
Path Finder
‎10-25-2018 02:55 AM

Hi,
I have an email alert that will send a table with a field Status.
Now, I need to send this email every hour starting from 8am, until all values of Status is equal to 100%.
If all Status is equals to 100% it should stop sending email.

Is this possible to do in email alert?

Thanks in advance!

0 Karma
Reply

renjith_nair
Legend
‎10-25-2018 03:23 AM

@jvmerilla,
Yes, schedule it for every hour and add a condition to the search or alert where Status<=100 . In this case, when status is 100 , then the alert won't be triggered.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

jvmerilla
Path Finder
‎10-25-2018 04:32 AM

Hi @renjith.nair,

Would it work if I have for example 10 events.
For example by 8am, only 2 the events have Status=100%, so it will send alert containing all the events, including the Status=100% and Status!=100%.
But when every event has Status=100%, is should stop sending email.

0 Karma
Reply

renjith_nair
Legend
‎10-25-2018 05:32 AM

@jvmerilla,
Yes , we can do it by adding this to your search (remove the previous where Status<100)

"your search to get all the events with Status"|eventstats count(eval(if(Status=100,1,null()))) as count_by_status,count as total|where count_by_status!=total|fields Status

Below is a run anywhere example. Try it by changing the values of Status (100,90,80) 

|makeresults|eval Status="100,90,80"|makemv Status delim=","|mvexpand Status
|eventstats count(eval(if(Status=100,1,null()))) as count_by_status,count as total|where count_by_status!=total|fields Status
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...