Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Help in creating search query for Alert

santosh_scb
Path Finder
‎08-14-2020 04:47 AM

Hi

I am currently working on an alert wherein it should trigger email when a search condition is met. Details are as below:

Whenever the log events contains the text "Timer Alert Expired", I should be able to trigger the alert and send an email. 

Sample event as below:

Error log:  “WARN  [com.tracegroup.IMP_DIAG.transformer.MappingDefinitionGroups.TSaaSRequestResp.MappingDefinitions.CreateAlert] (G_M80T53|utx:681b7409:173e5a33ee9:-35a4|chnl:LN1_TransactionQueue-Events|id:184880844222000160000096002) 200813PN100144009  --  Timer Alert Expired”

While, I am able to extract the string and store it in a field (time_expire), I am unable to get a way to trigger an alert. Needed help in creating an alert with the above condition. I understand from alert function that it will be triggered when a particular condition is met but in this condition not sure on how to generate the alert. 

Thanks 

San

Tags (1)
0 Karma
Reply

dave_null
Path Finder
‎08-14-2020 04:53 AM

Can you make a search that find the events? After that, you should be able to press on "Save As" on the upper-right and then click on "Alert."

You should then be able to specify various settings for the alert, such as trigger actions like email. Assuming your email settings are correct, of course.

0 Karma
Reply

santosh_scb
Path Finder
‎08-15-2020 07:37 AM

Thanks Dave that is working. 

0 Karma
Reply
Get Updates on the Splunk Community!

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...