cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
masmi99
Explorer
Member since: ‎08-18-2021
‎10-15-2021
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎08-18-2021
Activity Feed
View All

using python SDK how to retrive the action items o...

by in Splunk Dev
‎10-15-2021 12:33 PM
‎10-15-2021 12:33 PM
hi Team, is it possible to retrive the action items present on an alert based on the alert name using python SDK Example i know i have an alert by the name which skipped  using that name i can retrive the query that is used. but wondering if i can retrive the action on the alert (like the webhook or the emails to which it is sent, and the cron schedule) ... View more
Labels

Re: Splunk search result Formatting

by in Alerting
‎09-30-2021 06:09 AM
‎09-30-2021 06:09 AM
Thank you it worked ... View more

Splunk search result Formatting

by in Alerting
‎09-30-2021 04:58 AM
‎09-30-2021 04:58 AM
my search query checks for the last 15m for each 5min interval Sample query: index=XXXX sourcetype=XXX* env=XXX OR env=XXX "Continuation timed out" | bucket _time span=5m | timechart span=5m count AS Devices | eval inc_severity=case('Device'>=450, "3") | eval support_group=case('Device'>=450, "XXXXX") | eval dedup_tag=case('Device'>=450, "XXXXXX") | eval corr_tag=case('Devices'>=450, "XXXXXX") | eval event_status=case('Device'>=450, "1") | eval service_condition=case('Device'>=450, "1") | table sev event dedup corr support_group service_condition _time Devices | sort 3 - Devices | sort _time | where isnotnull('inc_severity') | where 'Devices'>450 based on above query my output is as follows sev event dedup corr support_group service_condition _time Device 3 1 xxx xxx xxx 1 x 700 3 1 xxx xxx xxx 1 y 900 3 1 xxx xxx xxx 1 z 1000 but what i am trying to get the output as follows sev event dedup corr support_group service_condition. _time Device 3 1 xxx xxx xxx 1 x,y,z 700,900,1000   ... View more
Labels

Re: Splunk query to Check when no value is returne...

by in Splunk Dev
‎08-18-2021 12:32 PM
‎08-18-2021 12:32 PM
when i add where MESSAGE=0 it is not returning any result As my intention is to check for last 15 min if two of 5 min interval does not get any result to do some other action index=XXX name=file-XXX level<50 | bucket _time span=5m | fillnull value=0 | stats count(msg) as MESSAGES by _time tried this but this will provide the result as follows it skipped 3:25 when  the count was 0 2021-08-18 03:20:00 25 2021-08-18 03:30:00 139 2021-08-18 03:35:00 10     ... View more

Splunk query to Check when no value is returned

by in Splunk Dev
‎08-18-2021 12:15 PM
‎08-18-2021 12:15 PM
Scenario: Example query :  index=XXXX name=somefile | stats count(msg) as MESSAGE The above query will always return some count. I want to alert if the Message=0 for two consecutive 5 min interval over the last 15 min interval i.e. when no values are returned. earliest=-15m if two out of three interval (5min) the message=0 i want to take some actions ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-15-2021 08:45 PM
Karma given to
View All