
Help me with search for my use case

Path Finder

I need to set up an alert if my count is zero on that day.

My query is
index= abc | timechart span=1d count
and I am running it for the last 7 days.

If count=0 on that day, I want to trigger an alert.

Please help me with the search query.

0 Karma

Splunk Employee

Hey @sravankaripe, if they solved your problem, remember to "√Accept" an answer to award karma points 🙂

0 Karma

SplunkTrust

The best way to do this is going to depend on what you are actually using the timechart for.

One simple way - run this for 1 day

index= abc | stats count

Set the alert to trigger when count=0.
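
The approach in the answer above, written out as a savedsearches.conf stanza. This is an added example, not part of the original answer; the stanza name, the schedule and the added `where` clause are assumptions.

```ini
# Constructed example: stanza name and schedule are assumptions.
[abc - no events yesterday]
# The answer's search plus a where clause. "stats count" always returns
# exactly one row, so the row is kept only when the count is zero.
search = index=abc | stats count | where count=0
# "Run this for 1 day": the previous full calendar day.
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d
# Run once a day, shortly after midnight (assumed schedule).
enableSched = 1
cron_schedule = 15 0 * * *
# Trigger when the search returns at least one result, i.e. count was 0.
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
```

Events that are indexed late can make a day look empty when the search runs, so the schedule may need a longer delay after midnight.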