Solved: Re: How to trigger an alert if any value in a tabl...

pashernx · ‎06-02-2015

I want to create an alert based on a table like below:

Field| Value
A| 10
B| 25
C| 40
D| 30
E| 45
F| 15

The alert should be triggered when any of the field values cross a threshold (say 50). I would like to have the details about the field that caused the alert on the email. Is there a possibility to do this in a single alert in Splunk or should I created multiple alerts for each row?

Thanks,

woodcock · ‎06-02-2015

You can use this search

... | stats max(Value) AS MaxValue BY Field | where MaxValue > 50

Then have the alert email and "include result inline" and trigger when numresults>0

View solution in original post

woodcock · ‎06-02-2015

You can use this search

... | stats max(Value) AS MaxValue BY Field | where MaxValue > 50

Then have the alert email and "include result inline" and trigger when numresults>0

pashernx · ‎06-02-2015

Thanks it worked.

How to trigger an alert if any value in a table crosses a threshold and include details about the corresponding field in the email?

Customer Experience | Splunk 2024: New Onboarding Resources

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...