Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Event for when a log host or source fails

jasrich
New Member
‎06-24-2013 08:19 AM

Is there a way to configure an event to fire when a certain log host or source fails to send logs after a given amount of time?

Thanks.

Tags (4)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-24-2013 08:44 AM

You could define a scheduled search that computes the number of events matching your criteria, and set an alert to trigger if that number is zero.

0 Karma
Reply

Antioch
Path Finder
‎06-24-2013 08:24 AM

I don't think this is going to be possible, alerting works on taking searchable data and sending an alert about its contents. If splunk doesn't have data to search from, it can't send an alert.

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top