×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ScottFree
Engager
Member since: ‎01-21-2015
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-21-2015
Activity Feed
View All

How to set up a scheduled search every 5 minutes a...

by in Alerting
‎02-04-2015 08:41 AM
‎02-04-2015 08:41 AM
New to Splunk. Trying to watch an application for abnormal response time behavior and I can't get the alert to trigger. I am obviously doing something wrong here. Here's the search string I'm using: host=MyHost* GET campaignID="*" clientID="*" memberID="*"| bucket _time span=1m | stats avg(time_taken) as avg by _time | where avg > 30 I open it in search and the search (all time) returns chunks of 5 minute results back to the software initial release. (returned 9k matches on 4M events). I had the alert scheduled on cron */5 * * * * and I have tried both number of results greater than 0 and with Trigger Condition Custom where avg(time_taken) > 30 Neither of them worked to actually generate email (email path is definitely working), or show up in the Triggered Alerts list. So my actual question's are 2: 1. Is this the right way to get the result I want, which is basically to check every 5 minutes to see if the average GET response is higher than 30 seconds. 2. Once I (we) figure out how to trigger the alert, is it going to blast me with results from all time, or just the last 5 minutes? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All