Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a Splunk alert upon any new table entry

rsantkumar
Observer
‎07-13-2020 07:11 PM

Hi. I have a splunk table which tracks  all the plugin version available to install for each plugin. Please note that each plugin can have multiple values. The idea is to alert when a new  version becomes available for any of the plugins(latest entry). the search runs every 5 mins.

rsantkumar_0-1594692562342.png

 

 

Kindly help.

 

Labels (1)
Labels
0 Karma
Reply

jacobpevans
Motivator
‎07-15-2020 03:29 PM

By "splunk table", I assume you mean the results of a search as it appears in your screenshot. If this is the case, you can compare the current data to a previous time's data. The search below will retrieve the unique data from the previous five minutes but only if it is not present in the previous day outside that five minute window.

index=<your_index> sourcetype=<your_sourcetype> earliest=-5m latest=now
| table key Plugin_version Release
| search NOT
    [ | search index=<your_index> sourcetype=<your_sourcetype> earliest=-1d latest=-5m
      | table key Plugin_version Release ]

 

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-14-2020 12:43 AM

Hi @rsantkumar,

To solve your requirement, you could have two approaches:

extract all the versions of each product and check that every target host has the highest, or, in different words, that they have all the same version.

In this way you cannot check the alignment with the newest version but only that all the versions are aligned.

Otherwise, you could create a lookup containing the latest version of each product to verify and check if all the targets are aligned with this version.

Ciao.

Giuseppe

0 Karma
Reply

rsantkumar
Observer
‎07-15-2020 03:18 PM

@gcusello: Thanks for your reply. The problem with these approaches in my case is that the release of versions is quite often and the idea is to notify us as soon as a new version is available for a plugin for us to use.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...