How to create trigger alert if the count in the da...

prettysunshinez · ‎03-17-2022

I would want an alert to be triggered and sent to mail if a particular panel has the count=0 in the dashboard

how should we achieve that

pls help

prettysunshinez · ‎03-22-2022

@gcusello The search of the panel has values parsed from the other panels in the dashbaord.

gcusello · ‎03-22-2022

Anyway, the only solution is the one I described:

you have to create one single search and save it as an alert, it isn't possible to create an alert taking parameters from other panels or inputs.

I could add that the concept of alert is to have a rule that automatically checks the conditions and triggers without human intervenes.

You could also add the sendmail command to a panel, but in this way, the mail is sent every time you open the dashboard and I don't think that's acceptable.

Ciao.

Giuseppe

gcusello · ‎03-18-2022

Hi @prettysunshinez,

you have only to take the search in the panel and run it in the Search dashboard, then you have to save it as an Alert, adding the other informations: trigger condition (count=0), scheduling, time frame, etc...).

Ciao.

Giuseppe

How to create trigger alert if the count in the dashboard is zero?

Other

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation