Hi all
We are watching 44 critical items in Splunk, and we have a search running to let us know if the service is up or down.
> index="winevents_server" sourcetype=updown | lookup updownhosts.csv IP OUTPUT Device_name, Use, Model | dedup IP | rename stats as status | table _time, IP, Device_name, Model, status
How can we alert if any of the values change from up to down or down to up?
I know how to alert on each one, but I did not want 44 searches running at once. Is there a way of doing this with one search?