Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create an alert for an system performance with sample job run logs?

thejasplunk67
Engager
‎10-17-2022 05:11 AM

Hi there,

Kindly help me on  Search to trigger an alert by scan the logs for scheduled job and check elapsed time (threshold time) for each job execution instance If the elapsed time exceeds the specified threshold for ALL the three executions.

Thanks in Advance,


Regards,
Theja

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-17-2022 08:04 AM

Hi

Can you provide some example events for generating this alert. Please add those events inside </> block in editor to avoid changes for those.

r. Ismo

0 Karma
Reply

thejasplunk67
Engager
‎10-18-2022 09:56 AM

Please find the attached event details 

<9/18/22
1:20:02.949 AM
2339972421 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:02.949 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.646 AM
2339970118 [KNT(400345)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T21:20:00.646 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/18/22
1:20:00.436 AM
2339969908 [KNT(400345)-XXX.XXX.XX.-96] DEBUG 2022-09-17T21:20:00.436 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

<9/17/22
11:20:05.857 PM
2332775329 [KNT(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:05.857 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
11:20:03.029 PM
2332772501 [DNI(399133)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T19:20:03.029 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />
<9/17/22
9:20:06.065 PM
2325575537 [KNT(397937)-XXX.XXX.XX.XX-44] DEBUG 2022-09-17T17:20:06.065 com.jip.vds.grip.ViewCachehandler [] - getViewCache: the view 'infa_dev.dev_agent_transation' already exists in cache
host = Server_details source = Sours_ details sourcetype = grip_dev />

Note:-  We are trying to customize the logs with Job start timestamp and job end timestamp

Thanks in Advance,

Thanks and Regards,
Theja

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...