Splunk Search

Help me with search for my use case

sravankaripe
Communicator

I need to set up an alert if my count is zero on that day.

My query is
index= abc | timechart span=1d count
and I am running it for the last 7 days.

If count=0 on that day, I want to trigger an alert.

Please help me with search query.

0 Karma

lfedak_splunk
Splunk Employee

Hey @sravankaripe, if they solved your problem, remember to "√Accept" an answer to award karma points 🙂

0 Karma

DalJeanis
Legend

The best way to do this is going to depend on what you are actually using the timechart for.

One simple way - run this for 1 day

index= abc | stats count

Set the alert to trigger when count=0.
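
Added example, not part of the answer above: one way to express that alert as a `savedsearches.conf` stanza. The stanza name, schedule and time window are assumptions; because `stats count` always returns one row, the trigger uses a custom condition on the `count` field rather than a result-count threshold.

```ini
# savedsearches.conf (added example; stanza name and schedule are assumed)
[abc - no events in the previous day]
# Count every event in the index over the dispatch window below
search = index=abc | stats count

# Previous full calendar day, snapped to midnight
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d

# Run once a day, shortly after midnight
enableSched = 1
cron_schedule = 15 0 * * *

# "stats count" yields exactly one result row even when nothing matched,
# so "number of events = 0" would never fire. Evaluate the count field instead.
counttype = custom
alert_condition = search count=0

# Record the triggered alert so it shows up under Triggered Alerts
alert.track = 1
```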
