Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Event for when a log host or source fails

jasrich
New Member
‎06-24-2013 08:19 AM

Is there a way to configure an event to fire when a certain log host or source fails to send logs after a given amount of time?

Thanks.

Tags (4)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-24-2013 08:44 AM

You could define a scheduled search that computes the number of events matching your criteria, and set an alert to trigger if that number is zero.

0 Karma
Reply

Antioch
Path Finder
‎06-24-2013 08:24 AM

I don't think this is going to be possible, alerting works on taking searchable data and sending an alert about its contents. If splunk doesn't have data to search from, it can't send an alert.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...