Hi All, I'm trying to figure out a way to set up a Splunk alert to do the following... When the string "GFX_On" is found in our log, there should always be a "GFX_Off" string found no longer than 15 minutes after. We want Splunk to alarm if it doesn't find the "GFX_Off" within 15 minutes of the last "GFX_On" it saw. Basically, this is a system that fires Graphics on and off on a video production system. We want to get alerted if the "GFX_Off" command doesn't fire into our logs within 15 minutes. Hope this makes sense. Would really appreciate any help, as I'm not even sure where to start. I think I would need to do an if statement of some kind in the search. Thanks!
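One way to express the check described in the post, as an added example that is not part of the original post: a scheduled search that looks at the most recent GFX event and returns a row only when that event is a "GFX_On" older than 15 minutes. The index and sourcetype names (`your_index`, `your_sourcetype`) are placeholders, and the 24-hour lookback is an assumption.

```spl
index=your_index sourcetype=your_sourcetype ("GFX_On" OR "GFX_Off") earliest=-24h
| eval gfx_state=case(searchmatch("GFX_On"), "on", searchmatch("GFX_Off"), "off")
| stats latest(gfx_state) as last_state latest(_time) as last_time
| eval minutes_since_last=round((now() - last_time) / 60, 1)
| where last_state="on" AND minutes_since_last > 15
| eval last_event_time=strftime(last_time, "%Y-%m-%d %H:%M:%S")
| table last_state last_event_time minutes_since_last
```

Saved as an alert on a short schedule (for example every 5 minutes) with the trigger condition "number of results greater than 0", it fires once the latest "GFX_On" has gone unanswered for more than 15 minutes. If several systems log to the same index, adding `by host` to the `stats` line evaluates each one separately.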