Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Snehaan
Snehaan
Explorer
Member since:
08-07-2020
02-19-2021
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 08-07-2020 |
Activity Feed
- Karma Re: How to filter out few data showing up from my search string while setting a alert notification on triggering conditi for to4kawa. 01-15-2021 03:25 AM
- Posted How to filter out few data showing up from my search string while setting a alert notification on triggering condition on Splunk Search. 12-03-2020 06:01 AM
- Karma Re: What should be the search string and trigger alert condition for below mentioned alert scheduling scenario. for richgalloway. 12-03-2020 05:46 AM
- Posted Re: What should be the search string and trigger alert condition for below mentioned alert scheduling scenario. on Splunk Search. 08-27-2020 02:32 AM
- Posted What should be the search string and trigger alert condition for below mentioned alert scheduling scenario. on Splunk Search. 08-26-2020 08:34 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-12-2020 05:42 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-10-2020 06:52 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-10-2020 06:37 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-09-2020 01:30 PM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-07-2020 03:28 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-07-2020 03:22 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-07-2020 03:17 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-07-2020 03:15 AM
- Posted Re: What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-07-2020 02:54 AM
- Posted What should be my condition that will trigger the alert action, for a search string below on Splunk Search. 08-07-2020 01:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
12-03-2020
06:01 AM
Hello team, My search string is as below: index=qrp STAGE IN ("*_RAW", T_FEED_MESSAGES) | stats sum(TRADES) as "TradeCount" by ODS_SRC_SYSTEM_CODE And the result screenshot is above. The AR1, BE1 ect are source system codes and the numerical values for each source system in the rows are the aggregate trade counts for respective source system at the time span starting from 00:00:00 hours till 05:00:00 hours. However for source systems like BE2 and MA1 the count doesn't alter all through the day and is always 1. Now when I want to custom trigger a notification alert using this search string when threshold value of trade counts for each individual source system is less than 10 at 08:00:00 then by default always BE2 and MA1 comes up in alert. Hence if I only want to exclude these two source system and take rest into consideration while setting up my custom trigger notification. How to achieve this? Kindly help me with your valuable inputs.
... View more
08-27-2020
02:32 AM
Hi @richgalloway Thank you so much for your detailed explanation with the search string. I was in need of this solution only for my business requirement. Many thanks. 🙂
... View more
08-26-2020
08:34 AM
Hi All, I have a search string like below: index=qrp STAGE IN ("*_LDD",TRADE_EVENT,SOPHIS_TRANS,SOPHIS_INSTR,ORDER_EVENT) | timechart useother=f span=1h sum(TRADES) as "TradeCount" by ODS_SRC_SYSTEM_CODE | fillnull value=0 And the result screenshot is below. The AR1, BE1 ect are source system codes and the numerical values for each source system in the rows are the aggregate trade counts for respective source system at that time span starting from 00:00:00 hours. I want to schedule an alert at 8 a.m in the morning which should get triggered when the whole summation of the trade aggregates values from 00:00:00 hours till 08:00:00 hours for each source system is not more that threshold 2000. For example, in the above screenshot, we can see the summation of trades for source system MXT is 1030 between 00:00:00 till 08:00:00 hours which is below threshold and alert email notification should be sent. Could you please help with how to set up my search string and what should be my alert triggering condition? Thanks in advance. Your help is much appreciated.
... View more
08-12-2020
05:42 AM
Hi @rnowitzki thank you for the solution. I will try this out. 🙂
... View more
08-10-2020
06:52 AM
Hi @rnowitzki , I was thinking of one more use case as below: If at 8 am the search string gives data like below: A1 A2 A3 100 200 550 At 9 am the search string gives data like below: A1 A2 A3 10 400 350 Then from 8am to 9 am, there is drop in the values for A1 and A3. Can we set an alert by comparing between two time frames and if value in previous time frame is more than the next one then schedule alerts?
... View more
08-10-2020
06:37 AM
Hi @rnowitzki Yes, I know the list of source systems for my use case, and the below solution works perfect for my case. Thanks a lot! 🙂
... View more
08-09-2020
01:30 PM
Hi @rnowitzki thank you for sharing the document link. I also had one more query related to same question. Earlier we were searching wherever value is 0 for at least one source system send alert. But what if there is a minimum threshold value for each source system, and if we want to set alert whenever any one out of 5 source system has trade values below threshold limit. Note: different source system have different thresholds.
... View more
08-07-2020
03:28 AM
@rnowitzki Many thanks for your help. 🙂 Could you also please suggest a good document to read and understand how to write search string based on the data stored behind, like in my example.
... View more
08-07-2020
03:22 AM
Hi @rnowitzki Your search string with Foreach * is working. I could see the last column Min which holds the minimum value for the entire row. So now for alert scheduling the below deatils should work right? Trigger condition: Custom Custom Condition: Min =0
... View more
08-07-2020
03:17 AM
@rnowitzki originally it looks like this.
... View more
08-07-2020
02:54 AM
Hi @rnowitzki Thank you for your reply. The 2nd solution is a great idea! I wanted to know is this the way my search string should look like now after appending your code? index=qrp STAGE IN (TRADE_EVENT) | bucket _time span=1h | timechart useother=f span=1h sum(TRADES) as "TradeCount" by ODS_SRC_SYSTEM_CODE | fillnull value=0 | foreach TradeCount* [eval Min=case(Min<<<FIELD>>,Min,true(),<<FIELD>>)] When I search this I am not able to see any new column. How should it look like. I am very new to Splunk and trying to figure out things. Kindly help. 🙂
... View more
08-07-2020
01:35 AM
Hello, I have a search string like below, where it is fetching data from stage and giving out aggregates of Trades for each source system in that stage. index=qrp STAGE IN (TRADE_EVENT) | bucket _time span=1h | timechart useother=f span=1h sum(TRADES) as "TradeCount" by ODS_SRC_SYSTEM_CODE | fillnull value=0 The results are fetched like below: TradeCount:A1 TradeCountA2 TradeCountA3 27 5 0 What should be my condition that will trigger the alert action, when sum(trades) for a source system is 0? Example: TradeCountA3 is having value Zero now.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-19-2021
01:01 PM
|
