Hello, Background: I am generating alerts around our Office 365 Environment using the Content Pack for Microsoft 365. I have limited search query experience but willing to put in the time to l...
Hi, all
I have a question about how to write a throttle alert.
I want to specify two fields.
But I cannot find the documentation.
My fields are "name" and "region".
I think name AND region OR n...
...hat two separate alerts get triggered, one for the row1 and second for the row2, the idea is that they are then sent to separate email recipients.
Now, what I did was to use throttling per result w...
...uppress when both fields are found in subsequent alerts; however, it seems like this might say, for any future alert that contains either field, don't alert again. Some clarity would be nice! (The d...
Is it possible to throttle alerts by field value?
For example: I want to alert when the value of field "action" is "delete" and throttle any subsequent results for 10 minutes unless the value o...
I am trying to set up a throttle on an alert for multiple fields. In the example below, I only want to throttle alerts that contain the same user and url, so I should get an alert for all the events e...
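The three posts above all ask the same thing: whether a per-result throttle keyed on several fields suppresses a later result only when every listed field matches, or whenever any one of them does. In Splunk this is configured in savedsearches.conf with alert.suppress = 1, alert.suppress.period = <time> and alert.suppress.fields = user,url. The block below is an added illustration written for this page, not Splunk's own code and not from any poster: it models that rule in plain Python over a small constructed result set so the behaviour can be checked offline. The suppression key is the tuple of all listed field values, so the same user with a different url still fires. The field names, timestamps and the 10-minute window are assumptions chosen to match the questions above.

```python
"""
Model of per-result alert throttling keyed on several fields (added example,
not Splunk's implementation). A result is suppressed only when the combined
values of ALL listed fields match a result that already fired inside the
suppression period; the period restarts from the result that fired, not from
a suppressed one.
"""
from datetime import datetime, timedelta


def throttle(results, fields, period):
    """Return the subset of results that would actually fire.

    results: chronologically ordered list of dicts, each with a "_time"
             datetime plus arbitrary result fields.
    fields:  names of the fields whose combined values form the suppression
             key (the equivalent of alert.suppress.fields).  An empty list
             means one key for everything, i.e. alert-level throttling.
    period:  timedelta during which a repeated key is suppressed
             (the equivalent of alert.suppress.period).
    """
    last_fired = {}   # suppression key -> time that key last fired
    fired = []
    for r in results:
        key = tuple(r.get(f) for f in fields)
        prev = last_fired.get(key)
        if prev is not None and r["_time"] - prev < period:
            continue   # every listed field matched inside the window: suppress
        last_fired[key] = r["_time"]
        fired.append(r)
    return fired


# Constructed sample results (hypothetical user/url values, not real data).
T0 = datetime(2024, 1, 1, 12, 0, 0)
PERIOD = timedelta(minutes=10)
SAMPLE_RESULTS = [
    {"_time": T0,                          "user": "alice", "url": "/admin"},
    {"_time": T0 + timedelta(minutes=1),   "user": "alice", "url": "/admin"},  # repeat
    {"_time": T0 + timedelta(minutes=2),   "user": "alice", "url": "/login"},  # new url
    {"_time": T0 + timedelta(minutes=3),   "user": "bob",   "url": "/admin"},  # new user
    {"_time": T0 + timedelta(minutes=11),  "user": "alice", "url": "/admin"},  # window expired
]


def fired_keys(fields):
    """Which (user, url) pairs fire when throttling on the given fields."""
    return [(r["user"], r["url"]) for r in throttle(SAMPLE_RESULTS, fields, PERIOD)]


if __name__ == "__main__":
    # Keyed on both fields: only the exact alice+/admin repeat inside 10 min is dropped.
    print("user,url :", fired_keys(["user", "url"]))
    # Keyed on user alone: alice's /login hit is also swallowed.
    print("user     :", fired_keys(["user"]))
    # No per-result key: one alert per 10-minute window regardless of values.
    print("(none)   :", fired_keys([]))
```

Running it shows four alerts when keyed on user and url (the 12:01 duplicate is the only suppression, and the 12:11 repeat fires again because the window has passed), three when keyed on user only, and two with no per-result fields. That is the distinction the posters are after: listing two fields narrows the suppression to exact combinations rather than widening it to either field.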
How to create an alert for any forwarders that are reaching max throughput consistently?
index=_internal source="*splunkd.log" | eval KBps=tcp_Bps/1024 | stats sum(KBps) as throughput by host | w...