×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Lalit
Engager
Member since: ‎11-18-2021
‎04-17-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎11-18-2021
View All

Re: Required to create separate alert if one field...

by in Alerting
‎04-17-2024 08:15 PM
‎04-17-2024 08:15 PM
Thank you for your response. I have already tried this.  In this search I am getting multiple srcip and multiple dstip In one row. I required one row for one srcip to one dstip but alert should be  trigger  saperatly title wise . ... View more

Required to create separate alert if one field val...

by in Alerting
‎04-17-2024 11:00 AM
‎04-17-2024 11:00 AM
Hi All, I have data like below with three fields : srcip,dstip and title . When I execute below query  .........| stats count by srcip,dstip,title Result : srcip        dstip           title srcip1     dstip1         title srcip1     dstip2       title srcip2     dstip2        title1 srcip2      dstip3       title1 srcip1       dstip2       title2   So we required to alert separate on basis title values.  For all events of one title, there should be one alert. So above example there should be trigger 3 separate alerts .   Thank you ! in Advance   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-17-2024 11:41 PM
Karma given to
View All