Create a search who return status ok, or 200

Redjon_27 · ‎12-17-2021

Hello,

I'm working in Splunk enterprise with the search queries.

I use a Website monitoring app for my website.

I run a search to send my alerts where the website is not responding and is working fine.

How to run a query to send my alerts for that website it was down before 5 minutes now is ok?

I would greatly appreciate your help.

Br.

-------------------------------------------------------------------------------------------------------------------------------

My search who look for errors:

Redjon_27 · ‎12-17-2021

sourcetype=web_ping title="Billy-Bridge" `website_monitoring_search_index` | `set_response_code` | `set_status` | stats sparkline(avg(total_time)) as avg_response_time max(total_time) as max_response_time latest(response_code) as response_code latest(_time) as last_checked latest(title) as title latest(url) as url latest(total_time) as range min(total_time) as min latest(status) as status by source | search
| eval average=round(avg_response_time, 0)." ms"
| eval maximum=round(max_response_time, 0)." ms"
| eval range=round(min, 0)." - ".round(min+range, 0)." ms"
| eval response=response_code
| table title url response last_checked status
| `timesince(last_checked,last_checked)`
| sort -response_time | search response="Connection timed out" OR response=404 OR response=502 OR response=504

Create a search who return status ok, or 200

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?