×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
glenrattay
Engager
Member since: ‎06-25-2013
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎06-25-2013
Activity Feed
View All

How to set up an alert for unresponsive hosts with...

by in Alerting
‎12-15-2014 04:28 PM
‎12-15-2014 04:28 PM
I have an alert that will trigger if a host does not respond for 60 minuets. I would like to be able to be able to specify sourcetypes so that we can have different allowances. e.g 1 day, 6 hours and 60 minuets. | metadata type=hosts | eval responsive=if(recentTime < now() - 60*60*3, "no", "yes") | eval defunct=if(recentTime > now() - 60*60*24*3, "no", "yes") | where responsive="no" | convert ctime(recentTime) as last_contact | fields host, responsive, defunct, last_contact | rename host as "Host" responsive as "Responsive" defunct as "Defunct" last_contact as "Last Update" Any advice on how I can achieve this? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All