Splunk Search

Help me with search for my use case

sravankaripe
Communicator

I need to set up an alert if my count is zero on that day.

My query is

index=abc | timechart span=1d count

and I am running it for the last 7 days.

If count=0 on that day I want to trigger an alert.

Please help me with search query.

0 Karma

lfedak_splunk
Splunk Employee

Hey @sravankaripe, if they solved your problem, remember to "√Accept" an answer to award karma points 🙂

0 Karma

DalJeanis
SplunkTrust

The best way to do this is going to depend on what you are actually using the timechart for.

One simple way - run this for 1 day

index=abc | stats count

Set the alert to trigger when count=0.
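As an added example (not from this thread, and not taken from Splunk's own documentation), here is the answer above expressed as a savedsearches.conf alert stanza. The stanza name, the index name abc and the cron schedule are assumptions; the keys are standard savedsearches.conf settings. The detail worth noting is that `| stats count` still returns one result row with count=0 when no events matched, so the trigger has to be a custom condition on the count field; a "number of results equal to 0" trigger would see one result and never fire.

```ini
# Added example, not the thread's own config. Stanza and index names are assumed.
[abc_daily_zero_count]
search = index=abc | stats count
# Evaluate the previous calendar day, shortly after midnight
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d
cron_schedule = 5 0 * * *
enableSched = 1
# Custom trigger: fire when the single stats row has count=0.
# A "number of results equal to 0" trigger would not work here, because
# stats count always returns one row even when no events matched.
alert_type = custom
alert_condition = search count=0
alert.track = 1
alert.severity = 4
```

To check the condition ad hoc before saving the alert, run `index=abc earliest=-1d@d latest=@d | stats count | where count=0` over a day known to have no data and confirm it returns a row; the same search returns nothing for a day that has events.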
