Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create an alert for an system performance with sample job run logs?

thejasplunk67
Engager
‎10-17-2022 05:11 AM

Hi there,

Kindly help me on  Search to trigger an alert by scan the logs for scheduled job and check elapsed time (threshold time) for each job execution instance If the elapsed time exceeds the specified threshold for ALL the three executions.

Thanks in Advance,


Regards,
Theja

Labels (3)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-17-2022 08:04 AM

Hi

Can you provide some example events for generating this alert. Please add those events inside </> block in editor to avoid changes for those.

r. Ismo

0 Karma
Reply

thejasplunk67
Engager
‎10-18-2022 09:56 AM

Please find the attached event details 

<9/18/22
1:20:02.949 AM
2339972421 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:02.949 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.646 AM
2339970118 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:00.646 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.436 AM
2339969908 [KNT(400345)-XXX.XXX.XX.-96] DEBUG 2022-09-17T21:20:00.436 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

<9/17/22
11:20:05.857 PM
2332775329 [KNT(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:05.857 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
11:20:03.029 PM
2332772501 [DNI(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:03.029 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
9:20:06.065 PM
2325575537 [KNT(397937)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T17:20:06.065 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

Note:-  We are trying to customize the logs with Job start timestamp and job end timestamp

Thanks in Advance,

Thanks and Regards,
Theja

0 Karma
Reply
Get Updates on the Splunk Community!

Customer Experience | Splunk 2024: New Onboarding Resources

In 2023, we were routinely reminded that the digital world is ever-evolving and susceptible to new ...

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

Today and every day, Splunk celebrates the importance of customer experience throughout our product, ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...