Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create trigger alert if the count in the dashboard is zero?

prettysunshinez
Explorer
‎03-17-2022 10:44 AM

I would want an alert to be triggered and sent to mail if a particular panel has the count=0 in the dashboard

how should we achieve that

pls help

Tags (3)
0 Karma
Reply

prettysunshinez
Explorer
‎03-22-2022 01:10 AM

@gcusello  The search of the panel has values parsed from the other panels in the dashbaord.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-22-2022 01:28 AM

Anyway, the only solution is the one I described:

you have to create one single search and save it as an alert, it isn't possible to create an alert taking parameters from other panels or inputs.

I could add that the concept of alert is to have a rule that automatically checks the conditions and triggers without human intervenes.

You could also add the sendmail command to a panel, but in this way, the mail is sent every time you open the dashboard and I don't think that's acceptable.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 02:01 AM

Hi @prettysunshinez,

you have only to take the search in the panel and run it in the Search dashboard, then you have to save it as an Alert, adding the other informations: trigger condition (count=0), scheduling, time frame, etc...).

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...