I just want to know which field name makes more sense to use for the segregation of the log type. For example, we have Linux and Windows logs. For separation of the log types in the report or alert...
In alerts_actions.conf I can set up my email alert actions. I have it set so the saved search results display as a CSV attachment. Is there any way to have them displayed in-line as well? I've t...
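An added example (not from the original question or from Splunk's own documentation) of the savedsearches.conf settings that control how an email action delivers results; the stanza name, search, index and address are placeholders:

```ini
# Added example: per-alert email settings in savedsearches.conf.
# The stanza name, search, index and recipient are placeholders.
[Failed logins - hourly]
search = index=os sourcetype=linux_secure "Failed password" | stats count by user, src
cron_schedule = 0 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = secops@example.com
# sendresults must be on for the results to be included in any form
action.email.sendresults = 1
# inline = 1 renders the results in the message body ...
action.email.inline = 1
# ... and sendcsv = 1 attaches them as a CSV; the two settings are independent
action.email.sendcsv = 1
# format selects the inline rendering: table, raw or csv
action.email.format = table
```

The same keys without the `action.email.` prefix (`inline`, `sendcsv`, `sendresults`, `format`) under the `[email]` stanza of alert_actions.conf set the defaults for every alert; a per-search setting in savedsearches.conf overrides them.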
Is there a way to send an automated alert for various types of licensing violations. It would be useful to get an automated alert when certain high water marks are reached, i.e. 90% used. And also g...
I want to create an alert that triggers when a source type doesn't exist in a lookup table (e.g. srctype.csv). But I'm not sure how to create the search string for this. The fields I'm using in the s...
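An added example (not from the original question) of a scheduled alert that fires for any sourcetype seen in the last hour that is not listed in the lookup; it assumes srctype.csv has a column named `sourcetype`, and the stanza name and index are placeholders:

```ini
# Added example: alert on sourcetypes missing from srctype.csv.
# Assumes the CSV has a column named "sourcetype"; narrow index=* in practice.
[Unknown sourcetype seen]
search = index=* | stats count by sourcetype | lookup srctype.csv sourcetype OUTPUT sourcetype AS known_sourcetype | where isnull(known_sourcetype)
dispatch.earliest_time = -1h
dispatch.latest_time = now
cron_schedule = 5 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = secops@example.com
action.email.sendresults = 1
action.email.inline = 1
```

The `lookup ... OUTPUT sourcetype AS known_sourcetype` step only populates `known_sourcetype` for rows that match a CSV entry, so `isnull()` leaves exactly the unlisted sourcetypes. Aggregating with `stats` first keeps the lookup cheap; the equivalent subsearch form `index=* NOT [| inputlookup srctype.csv | fields sourcetype] | stats count by sourcetype` also works but is limited by the subsearch result cap.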
Hi, I would like to use Splunk to parse xml and json data files and trigger the alert if the element "checked" is false. I would appreciate if you can provide an example on how to set up the field e...
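An added example (not from the original question) using `spath`, which reads both JSON and XML, to extract the "checked" element at search time and alert when it is false; the sourcetypes, index and the XML element path are assumptions:

```ini
# Added example: alert when "checked" is false in JSON or XML events.
# Sourcetypes, index and the XML path document.item.checked are assumed.
[Unchecked item - JSON]
search = index=app sourcetype=app_json | spath path=checked | where lower(checked)="false"
dispatch.earliest_time = -15m
dispatch.latest_time = now
cron_schedule = */15 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = secops@example.com

[Unchecked item - XML]
# For XML, spath needs the element path from the root; adjust to your document
search = index=app sourcetype=app_xml | spath path=document.item.checked output=checked | where lower(checked)="false"
dispatch.earliest_time = -15m
dispatch.latest_time = now
cron_schedule = */15 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = secops@example.com
```

`spath` returns the value as a string, so the JSON boolean `false` and the XML text `false` both compare as `"false"`; `lower()` guards against `False`/`FALSE` variants. If the JSON sourcetype already has `INDEXED_EXTRACTIONS = json` or `KV_MODE = json` in props.conf, `checked` is extracted automatically and the `spath` step can be dropped.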
We get an alert from sourcetype=ps as a result of running this saved search: (authentication failure) OR (Account * too many attempts) OR (Failed password) startminutesago=5
We turned off the *n...
Hello,
On the Splunk Cloud dashboard alert setup, how can I set up the alert email to be sent as soon as the incident occurs? Is it possible to change the "Alert type" from Scheduled to another type? All I...
...plunk. The Splunk Application distinguishes between 4 source types
• pp - PurePath
• pa - PageAction (Client Action)
• visit - Visit
• alert - Alert"
I do see an index named "dynatrace" but not t...
Splunk Enterprise Security uses "event types" as a means to suppress future alerting on a set of field values. We like this feature, but I want users to be able to add a new suppression without h...