Splunk AppDynamics
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alerts based on specific error code for a Business Transaction

Sahil_Gupta
Explorer
‎06-22-2021 11:50 PM

Hi Experts,

I need suggestions on how we can send email alerts for specific error codes for a Business Transaction.

BT and Error detection is working as expected, the question is only on alerting part.

Consider, BT1 have errors reported as 400,500,300,XXX.

The requirement is to get an email alert when 500 errors are more than 1 for BT1.

Any pointers will be helpful.

Regards,

Sahil 

Labels (3)
Tags (1)
0 Karma
Reply

Mark_Byrne
Path Finder
‎06-23-2021 01:23 PM

Hi Sahil,

If you have Analytics, then you could define an Analytics metric with a query similar to this:

SELECT count(*) FROM transactions WHERE transactionName = "BT1" and userExperience = "ERROR" and segments.errorList.errorCode = "500"

And then define your Health Rule based on this metric.

Mark

Reply

Sahil_Gupta
Explorer
‎06-27-2021 06:24 AM

Hi @Mark.Byrne 

Thanks for your suggestion, I missed mentioning that we do NOT have an analytics license.

Regards,

Sahil Gupta

0 Karma
Reply

Mark_Byrne
Path Finder
‎06-28-2021 02:46 PM

Hi Sahil,

I wondered if that was the case.

The only other thing I can think of, which might not be appropriate in your case, is to use the Error Detection configuration to ignore all HTTP errors apart from the 500.

This of course would mean you would lose visibility of the other errors codes, so probably isn't a good option.

Mark

0 Karma
Reply

Sahil_Gupta
Explorer
‎07-01-2021 09:01 AM

Hi Mark,

As you pointed right, we can ignore all HTTP errors apart from the 500 but it is not a good solution. At least if we have an option to ignore errors for specific business transaction(Instead of whole Application), that would have helped. 

Thanks Mark for your suggestions. Lets keep this discussion open to see if anyone else can contribute.

Regards,

Sahil Gupta

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...