Hi Splunk,

Newbie here 😅 I want to ask about alerts. For example, we have data like:

| Name | Time | StatusCode |
|------|------|------------|
| AAA | 2021-02-02 08:00 | 404 |
| AAA | 2021-02-02 08:01 | 200 |
| BBB | 2021-02-02 09:00 | 503 |
| CCC | 2021-02-02 09:01 | 404 |
| BBB | 2021-02-02 09:30 | 200 |
| CCC | 2021-02-02 09:30 | 200 |

How do we create an alert based on the table, with a cron schedule of every 5 minutes? If StatusCode != 200, alert notification "start down", and if StatusCode = 200, alert notification "Solved".

Example for the alert based on the table:

"Hi AAA, you are down on 2021-02-02 08:00"

and email again if the AAA StatusCode changed to 200:

"Hi AAA, you are now SOLVED on 2021-02-02 08:01"

Done, until the StatusCode changes to != 200, then the alert sends me the email again.

Another example:

"Hi BBB, you are down on 2021-02-02 09:00"

then the StatusCode changed to 200:

"Hi BBB, you are now SOLVED on 2021-02-02 09:30"

In the Splunk alert menu, we didn't find an option to reset the alert when the trigger condition is no longer true. So we need help and advice.

Thank you
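One way to get the down/solved behaviour described in the post is to alert on state transitions per Name rather than on the raw status. The search below is an added example, not part of the original post: it rebuilds the six rows from the table with `makeresults` as constructed sample data (in a real alert, replace the first six lines with your own base search), and the field names `state`, `prev_state` and `message` are assumptions chosen for illustration.

```spl
| makeresults
| eval raw="AAA,2021-02-02 08:00,404;AAA,2021-02-02 08:01,200;BBB,2021-02-02 09:00,503;CCC,2021-02-02 09:01,404;BBB,2021-02-02 09:30,200;CCC,2021-02-02 09:30,200"
| makemv delim=";" raw
| mvexpand raw
| rex field=raw "^(?<Name>[^,]+),(?<Time>[^,]+),(?<StatusCode>\d+)$"
| eval _time=strptime(Time, "%Y-%m-%d %H:%M")
| sort 0 Name _time
| eval state=if(tonumber(StatusCode)==200, "SOLVED", "DOWN")
| streamstats current=f window=1 last(state) as prev_state by Name
| where (isnull(prev_state) AND state="DOWN") OR (isnotnull(prev_state) AND state!=prev_state)
| eval message=if(state="DOWN", "Hi ".Name.", you are down on ".Time, "Hi ".Name.", you are now SOLVED on ".Time)
| table Name Time StatusCode state message
```

When this runs on a 5-minute cron, the search time range has to reach back far enough to include the previous event for each Name, and a final filter on `_time` should keep only transitions from the last 5 minutes so each one is mailed once. Setting the alert to trigger for each result and using `$result.message$` in the email body sends one message per transition.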