Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create an alert for an system performance with sample job run logs?

thejasplunk67
Engager
‎10-17-2022 05:11 AM

Hi there,

Kindly help me on  Search to trigger an alert by scan the logs for scheduled job and check elapsed time (threshold time) for each job execution instance If the elapsed time exceeds the specified threshold for ALL the three executions.

Thanks in Advance,


Regards,
Theja

Labels (3)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-17-2022 08:04 AM

Hi

Can you provide some example events for generating this alert. Please add those events inside </> block in editor to avoid changes for those.

r. Ismo

0 Karma
Reply

thejasplunk67
Engager
‎10-18-2022 09:56 AM

Please find the attached event details 

<9/18/22
1:20:02.949 AM
2339972421 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:02.949 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.646 AM
2339970118 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:00.646 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.436 AM
2339969908 [KNT(400345)-XXX.XXX.XX.-96] DEBUG 2022-09-17T21:20:00.436 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

<9/17/22
11:20:05.857 PM
2332775329 [KNT(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:05.857 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
11:20:03.029 PM
2332772501 [DNI(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:03.029 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
9:20:06.065 PM
2325575537 [KNT(397937)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T17:20:06.065 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

Note:-  We are trying to customize the logs with Job start timestamp and job end timestamp

Thanks in Advance,

Thanks and Regards,
Theja

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...