How do I specify the time zone in an alert search where I need to exclude a specific time period?
- I want to exclude the time period of midnight to 12:20am UTC
- I want to be able to change my t...
Hi, I need help on the below SPL query. | eval ci= if (isnull(ci),host,ci), As per the current logic, if there is no value available in ci then it will take the host name as ci. Here the host value is Splunk HF. ...
Hi, all
I have a question about how to write a throttle alert.
I want to specify two fields.
But I cannot find the document.
My fields are "name" and "region".
I think name AND region OR n...
...ow to implement tokens in Email alert? that explains very clearly how to use the $result.<field_name>$ notation but also that "the field you want to specify must be returned in the first result row o...
I have an alert that searches every 15 mins for the count of events >150 (|where Count>150) for the same routing prefix and merchant name. There are 6 fields we list in the results: Routing p...
I have an alert that fires and while generating the alert, uses appendpipe to collect fields and generate an event in another index for collection by a third party tool. Is there a way to add t...
Hi All,
I have a search which runs every four hours collecting the mailbox details. I need to alert or notify if there is any change in the specified field.
Event @ 0
MailboxA CA=1 CA2=3
.
.
M...
I have a question. I have a table that contains groups of people with their email addresses. I want to use this table in the recipients field when creating an alert to notify users via email. For t...