Hello!
I have multiple questions around the topic "Alerts" in Splunk. Here is what I am trying to achieve. I am trying to automate a couple of macros to run one after the other. For example:
1) My first macro runs to extract data for a period of 6 months from another index (let's call this Complete_Data_index) into my new index (let's call it Data_Tier1).
2) My second macro runs on Data_Tier1, generating additional fields along with the original fields as part of the results, and collects them into a new index called Data_Tier2.
3)My third macro runs on the index Data_Tier2, where again it generates additional fields along with the original fields and the fields generated by Data_Tier2 as part of the results and collects it into a new index called Data_Tier3.
The requirement now is to generate logs that record whether each macro run was successful, erroneous, partially successful, etc. Basically, to set up a logger to know what is happening at each stage of the macro.
1) One of the questions I also had was about the feature "Trigger Conditions". If for some reason data was not collected into Data_Tier1 from Complete_Data_index, and my "Trigger Condition" is set to Number of Results greater than 0 (refer to screenshot), will this trigger an alert to me indicating that no data was collected?
2) Can all this be achieved just with Splunk, or should I use Python to help me set up logging/loggers?
Please help and suggest!
Thanks in Advance!
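One way to build the three-stage pipeline with per-stage status logging entirely inside Splunk, as an added example that is not part of the post above: each stage is a scheduled saved search (a macro only expands inside a search; the saved search is what actually runs on a schedule), and each stage ends by writing one status event to an audit index. The stanzas below are in savedsearches.conf syntax. The index names Complete_Data_index and Data_Tier1/2/3 are the poster's; the stanza names, the macro_audit index, the bytes/duration fields in the enrichment step, the cron times and the mail address are assumptions for illustration.

```ini
# Added example, not from the original post. Place in
# $SPLUNK_HOME/etc/apps/<your_app>/local/savedsearches.conf.
# Assumptions: the index macro_audit exists (collect silently drops events sent
# to a missing index), stage bodies shown inline can be replaced by your macros,
# and the fields bytes/duration stand in for whatever your stage 2 derives.

# Stage 1: copy six months of Complete_Data_index into Data_Tier1, then record
# the run. `stats count` always returns exactly one row (count=0 when the
# search matched nothing), so a status event is written even on an empty run.
[tier1_load]
enableSched = 1
cron_schedule = 0 1 * * *
dispatch.earliest_time = -6mon@d
dispatch.latest_time = @d
search = index=Complete_Data_index \
| collect index=Data_Tier1 marker="stage=tier1" \
| stats count AS rows_written \
| eval stage="tier1", status=if(rows_written=0, "no_data", "success") \
| collect index=macro_audit sourcetype=macro_status

# Stage 2: enrich Data_Tier1 (the eval is a placeholder for your own fields),
# write to Data_Tier2, then count how many rows actually received the new field
# so a half-enriched run is logged as "partial". Scheduled an hour after stage 1
# so the collected events have been indexed and are searchable.
[tier2_enrich]
enableSched = 1
cron_schedule = 0 2 * * *
dispatch.earliest_time = -6mon@d
dispatch.latest_time = @d
search = index=Data_Tier1 \
| eval bytes_per_sec=if(duration>0, bytes/duration, null()) \
| collect index=Data_Tier2 marker="stage=tier2" \
| stats count AS rows_read, count(bytes_per_sec) AS rows_enriched \
| eval stage="tier2", status=case(rows_read=0, "no_data", \
      rows_enriched<rows_read, "partial", true(), "success") \
| collect index=macro_audit sourcetype=macro_status

# Stage 3 follows the same pattern from Data_Tier2 into Data_Tier3 at 03:00.

# Alert on stage 1 via the audit index. A raw search over an empty index returns
# zero results, so a "Number of Results greater than 0" condition never fires
# for the failure you want to catch. Aggregating with `stats count` first
# guarantees one row, so "greater than 0" then fires both when the last run
# logged no_data and when no run was logged at all (runs=0).
[tier1_run_check]
enableSched = 1
cron_schedule = 30 1 * * *
dispatch.earliest_time = -1h
dispatch.latest_time = now
search = index=macro_audit sourcetype=macro_status stage="tier1" \
| stats count AS runs, latest(status) AS status \
| where runs=0 OR status!="success"
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
action.email = 1
action.email.to = splunk-admins@example.com

# Equivalent check straight against the target index, using the trigger
# condition the post asks about, but with "equal to 0" instead of "greater than 0".
[tier1_index_empty]
enableSched = 1
cron_schedule = 30 1 * * *
dispatch.earliest_time = -6mon@d
dispatch.latest_time = now
search = index=Data_Tier1 | head 1
counttype = number of events
relation = equal to
quantity = 0
alert.track = 1
action.email = 1
action.email.to = splunk-admins@example.com
```

Two caveats worth knowing before relying on this: events written by `collect` get sourcetype `stash` unless you override it (stash events are not charged against the license, overridden sourcetypes are), and they are not searchable the instant the writing search finishes, so the stages must be staggered rather than fired back to back. Under these assumptions nothing outside Splunk is needed; Python would only come into play if the orchestration or the status log has to live outside Splunk, in which case the same saved searches can be created and run through the REST API.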