Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create an alert for an system performance with sample job run logs?

thejasplunk67
Engager
‎10-17-2022 05:11 AM

Hi there,

Kindly help me on  Search to trigger an alert by scan the logs for scheduled job and check elapsed time (threshold time) for each job execution instance If the elapsed time exceeds the specified threshold for ALL the three executions.

Thanks in Advance,


Regards,
Theja

Labels (3)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-17-2022 08:04 AM

Hi

Can you provide some example events for generating this alert. Please add those events inside </> block in editor to avoid changes for those.

r. Ismo

0 Karma
Reply

thejasplunk67
Engager
‎10-18-2022 09:56 AM

Please find the attached event details 

<9/18/22
1:20:02.949 AM
2339972421 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:02.949 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.646 AM
2339970118 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:00.646 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.436 AM
2339969908 [KNT(400345)-XXX.XXX.XX.-96] DEBUG 2022-09-17T21:20:00.436 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

<9/17/22
11:20:05.857 PM
2332775329 [KNT(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:05.857 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
11:20:03.029 PM
2332772501 [DNI(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:03.029 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
9:20:06.065 PM
2325575537 [KNT(397937)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T17:20:06.065 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

Note:-  We are trying to customize the logs with Job start timestamp and job end timestamp

Thanks in Advance,

Thanks and Regards,
Theja

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...