Splunk Search

Help me with search for my use case

sravankaripe
Communicator

I need to set up an alert if my count is zero on that day.

My query is

index=abc | timechart span=1d count

and I am running it for the last 7 days.

If count=0 on that day I want to trigger an alert.

Please help me with the search query.

0 Karma

lfedak_splunk
Splunk Employee

Hey @sravankaripe, if they solved your problem, remember to "✓Accept" an answer to award karma points 🙂

0 Karma

DalJeanis
SplunkTrust

The best way to do this is going to depend on what you are actually using the timechart for.

One simple way: run this for 1 day

index=abc | stats count

and set the alert to trigger when count=0.
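If you want to keep the 7-day timechart from the question rather than collapse to a single count, the following saved search is an added example (not part of DalJeanis's answer or anything shipped with Splunk). It keeps the index name abc from the question; the schedule, the time window and the alert settings are assumptions you should adjust to your own ingestion pattern.

```spl
index=abc earliest=-7d@d latest=@d
| timechart span=1d count
| where count=0
| fields _time count
```

Save this as a scheduled alert that runs once a day after midnight (for example cron 0 1 * * *), set the trigger condition to "Number of results" is greater than 0, and throttle it to once per day. timechart zero-fills any day bucket that had no events, so the where clause returns exactly the days with nothing in them, and the results table in the alert shows which days they were. Pinning latest to @d keeps the current, still-filling day out of the search, otherwise the alert fires every morning on a partial bucket. DalJeanis's single-day variant works the same way: append where count=0 to the stats search and use the same trigger condition. One caveat that matters for a security data source: a zero count looks identical whether the application really went quiet or the forwarder, the input or the index is broken, so treat this alert as a log-source health check as well and, when it fires, confirm ingestion with | metadata type=hosts index=abc or the Monitoring Console before assuming the application is the cause.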
