Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About dgard
dgard
Explorer
Member since:
12-19-2016
06-05-2020
Community Statistics
| Posts | 5 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 12-19-2016 |
Activity Feed
- Posted Re: How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 07:32 AM
- Posted Re: How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 07:32 AM
- Posted Re: How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 07:09 AM
- Posted Re: How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 05:48 AM
- Posted How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 03:36 AM
- Tagged How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 03:36 AM
- Tagged How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 03:36 AM
- Tagged How can I send the number of results OR all search results via a webhook triggered by an alert? on Alerting. 08-31-2018 03:36 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
08-31-2018
07:32 AM
All I had to do here was return a count from the search, as opposed to the full results of the search.
index="my-index-name" THIRD_PARTY_ERROR | stats count as total
... View more
08-31-2018
07:09 AM
Yes, that's the idea. I think I may have figured this out - I can append " | stats count as total" to my saved search, and that should hopefully do the job - will update when I've tested.
... View more
08-31-2018
05:48 AM
I'm using a basic search, simply searching for any events with an occurrence of "THIRD_PARTY_DOWN" within a single index.
index="my-index-name" THIRD_PARTY_ERROR
May I ask, how do you think that will affect the POST body sent by a webhook?
... View more
08-31-2018
03:36 AM
I've tried triggering 'Once' and 'For each result', and in both cases I see only one result in the POST body send via the webhook. I've included an example below.
I was hoping for either all results, so that I could count them, or better yet a count of results. Is this possible?
Example result
{
"app": "search",
"owner": "emailaddress@adomain.com",
"search_name": "Alert Name",
"results_link": "http://a.pointless.url/that/doesn%27t/work",
"sid": "scheduler_ZGF2aWQuZ2FyZEBsYW5kbWFyay5jby51aw__search__RMD5decc55088fa60070_at_1535711100_37050",
"result": {
"splunk_server_group": "",
"_eventtype_color": "",
"_cd": "4:960",
"_serial": "0",
"_sourcetype": "httpevent",
"_bkt": "my-index-name~4~98B5C0B4-EAAF-4B7C-9775-56A8E159035D",
"_time": "1535710877",
"splunk_server": "splunk.adomain.com",
"_kv": "1",
"_indextime": "1535710877",
"source": "my-index-name",
"eventtype": "",
"_raw": "This is a test, everything is really fine.",
"host": "splunk.adomain.com",
"index": "my-index-name",
"_si": [
"splunk.adomain.com",
"my-index-name"
],
"punct": "__-_",
"sourcetype": "httpevent",
"linecount": "1"
}
}
My alert
Enabled: Yes
App: search
Permissions: Shared in App
Alert Type: Scheduled (Cron Schedule)
Trigger Condition: Number of Results is > 0
Actions: 2 Actions
Add to Triggered Alerts
Webhook
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
