Splunk Search

Help me with search for my use case

sravankaripe
Communicator

I need to setup a alert if my count is zero on that day.

my query is
index= abc | timechart span=1d count
and I am running for last 7 days.

if count=0 on that day I want trigger a alert.

Please help me with search query.

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @sravankaripe, if they solved your problem, remember to "√Accept" an answer to award karma points 🙂

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

The best way to do this is going to depend on what you are actually using the timechart for.

One simple way - run this for 1 day

index= abc | stats count

Set the alert to trigger when count=0.

Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...