I just want to know which field name makes more sense to use for the segregation of the log type. For example, we have Linux and Windows logs. For separation of the log types in the report or alert...
In alerts_actions.conf I can set up my email alert actions. I have it set so the saved search results display as a CSV attachment. Is there any way to have them displayed in-line as well? I've t...
...serId: 32
} Instead of having one alert mixed with many different errors, I would like to create a new alert for every type of error: Alert 1 {
errorClass: N...
...ometime that xyz.ps1 gets stuck in a weird state and we didn't see the message in the last 60 minutes for some hosts. I was able to create an alert where I get a list of hosts that show that message. But I am e...
Hi, I would like to use Splunk to parse XML and JSON data files and trigger the alert if the element "checked" is false. I would appreciate it if you can provide an example on how to set up the field e...
Is there a way to send an automated alert for various types of licensing violations. It would be useful to get an automated alert when certain high water marks are reached, i.e. 90% used. And also g...
This is my search I am trying to use in an event type so I can tag my events.
index = mail
| eval Subject=coalesce(Subject,subjectx)
| search
Subject = "*NVEM Battery Alert*"
But I get t...
We get an alert from sourcetype=ps as a result of running this saved search: (authentication failure) OR (Account * too many attempts) OR (Failed password) startminutesago=5
We turned off the *n...