create an alert from two diffrent events

bballad · ‎07-01-2020

We are looking to create an alert that will trigger if two distinct events happens. The first event is a DB health check and the second is a services check. we wnat the alert to tirgger if the DB comes back unhealthy AND the service is running.

I cna search for either event, but combining the searches with an append or a multisearch seems to act as an or, where the evnets show up even if only one of the searches has results. We only want the alert to trigger if both searches return values.

burwell · ‎07-01-2020

Hi. Can you show us what you have tried so far?

bballad · ‎07-01-2020

| multisearch [search index="illuminate" sourcetype="WinHostMon" "RAVN-Insight" Running ] [search index="illuminate" sourcetype="_json_overseerstatus" host="naravncore01" | spath "databases.ravn.instances.Repl1.health" | search "databases.ravn.instances.Repl1.health"!=Healthy]

bballad · ‎07-01-2020

OK folks, I am an idiot.

I was so close too. Just needed to trigger the aler on the number of sources not the number of events. I was making things far to complex in my head

thanks for looking

create an alert from two diffrent events

lookup

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor