Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get an alert if the specific search takes more than 10 min?

prerana_jain
Explorer
‎06-20-2019 10:19 PM

Ex: "Acquired" is a keyword.
This keyword is getting for every minute.
I have to get alert if this keyword is not getting generated for more than 10 min.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-23-2019 04:13 PM

Your phrasing is unclear. Add a comment and explain it with many more words/sentences.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-21-2019 05:46 AM

Run the following search every 5-10 minutes. Set it to trigger an alert if the result count is equal to zero.

index=foo "Acquired" earliest=-10m@m
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...