Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Help in creating search query for Alert

santosh_scb
Explorer
‎08-14-2020 04:47 AM

Hi

I am currently working on an alert wherein it should trigger email when a search condition is met. Details are as below:

Whenever the log events contains the text "Timer Alert Expired", I should be able to trigger the alert and send an email. 

Sample event as below:

Error log:  “WARN  [com.tracegroup.IMP_DIAG.transformer.MappingDefinitionGroups.TSaaSRequestResp.MappingDefinitions.CreateAlert] (G_M80T53|utx:681b7409:173e5a33ee9:-35a4|chnl:LN1_TransactionQueue-Events|id:184880844222000160000096002) 200813PN100144009  --  Timer Alert Expired”

While, I am able to extract the string and store it in a field (time_expire), I am unable to get a way to trigger an alert. Needed help in creating an alert with the above condition. I understand from alert function that it will be triggered when a particular condition is met but in this condition not sure on how to generate the alert. 

Thanks 

San

Labels (1)
Labels
Tags (1)
0 Karma
Reply

dave_null
Path Finder
‎08-14-2020 04:53 AM

Can you make a search that find the events? After that, you should be able to press on "Save As" on the upper-right and then click on "Alert."

You should then be able to specify various settings for the alert, such as trigger actions like email. Assuming your email settings are correct, of course.

0 Karma
Reply

santosh_scb
Explorer
‎08-15-2020 07:37 AM

Thanks Dave that is working. 

0 Karma
Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!