Solved: How to trigger an alert if any value in a table cr...

pashernx · ‎06-02-2015

I want to create an alert based on a table like below:

Field| Value
A| 10
B| 25
C| 40
D| 30
E| 45
F| 15

The alert should be triggered when any of the field values cross a threshold (say 50). I would like to have the details about the field that caused the alert on the email. Is there a possibility to do this in a single alert in Splunk or should I created multiple alerts for each row?

Thanks,

woodcock · ‎06-02-2015

You can use this search

... | stats max(Value) AS MaxValue BY Field | where MaxValue > 50

Then have the alert email and "include result inline" and trigger when numresults>0

View solution in original post

woodcock · ‎06-02-2015

You can use this search

... | stats max(Value) AS MaxValue BY Field | where MaxValue > 50

Then have the alert email and "include result inline" and trigger when numresults>0

pashernx · ‎06-02-2015

Thanks it worked.

How to trigger an alert if any value in a table crosses a threshold and include details about the corresponding field in the email?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!