cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
akashsawant
Explorer
Member since: ‎01-14-2022
‎06-01-2022
Community Statistics
Posts 6
Solutions 1
Karma Given 1
Karma Received 0
Member Since ‎01-14-2022
Activity Feed
View All

Re: How to create live alert result into report to...

by in Alerting
‎06-01-2022 08:06 AM
‎06-01-2022 08:06 AM
never mind @venky1544 , My bad i forgot to define KV store lookup. Now I can able to throw my search result in Akash-KV. ... View more

Re: How to create live alert result into report to...

by in Alerting
‎06-01-2022 06:38 AM
‎06-01-2022 06:38 AM
Thanks @venky1544  I created lookup  but when I trying to throw in that lookup getting weird errors, DO you have any idea on this please ? | mstats avg(_value) AS CommittedMemoryInBytes WHERE index=xyz AND metric_name=Memory.Committed_Bytes by host | join host [search index=abc sourcetype=WHM source=operatingsystem TotalPhysicalMemoryKB=*] | eval PercentCommittedMemory = round( (CommittedMemoryInBytes*pow(2,-30)) / (TotalPhysicalMemoryKB*pow(2,-20) )*100,2) | where PercentCommittedMemory > 115 | table host,PercentCommittedMemory,CommittedMemoryInBytes,TotalPhysicalMemoryKB | outputlookup Akash-KV     ... View more

How to create live alert result into report to fet...

by in Alerting
‎05-31-2022 01:14 PM
‎05-31-2022 01:14 PM
Present scenario:  We have alert " high memory "  detect systems if memory hits the set threshold ( if Committed Memory usage is over 115% ) - Running on schedule every hour at 15 minutes past hour  Requirement :  This alert give us kind of live result but We need historic data in terms of report so that we can do review at the end of month to understand Host "Alpha" caught into this alert for x times in month , Host "beta" caught into this alert for y times ...so on. Basically need to find particular host how frequently and how many times having high memory.   | mstats avg(_value) AS CommittedMemoryInBytes WHERE index=xyz AND metric_name=Memory.Committed_Bytes by host | join host [search index=abc sourcetype=WHM source=operatingsystem TotalPhysicalMemoryKB=*] | eval PercentCommittedMemory = round( (CommittedMemoryInBytes*pow(2,-30)) / (TotalPhysicalMemoryKB*pow(2,-20) )*100,2) | where PercentCommittedMemory > 115 | table host,PercentCommittedMemory,CommittedMemoryInBytes,TotalPhysicalMemoryKB     Any help will be appreciated. ... View more
Labels

Re: How to create alert when no set message for X ...

by in Alerting
‎01-18-2022 05:37 AM
‎01-18-2022 05:37 AM
Thanks @isoutamo for your time and suggestion. I made it work using following search: index= ABC source="xyz.ps1" host = WWW-* Message="Beginning of xyz.ps1 Execution" | dedup host | eval age=now()-_time | where age > 3600 | table _time host age   Note: 3600 means 60 minutes ( 60 x 60 ) ... View more

How to create alert when no set message for X minu...

by in Alerting
‎01-14-2022 02:16 AM
‎01-14-2022 02:16 AM
Hello,  We have a PowerShell script job ( xyz.ps1 ) run on all hosts every 10 minutes and when it starts write message in to EV Application log as "Beginning of xyz.ps1 Execution " , We found sometime that xyz.ps1 gets stuck into weird state and we didnt see message in last 60 minutes for some hosts. I was able to create alert where i get list of hosts which shows that message. But I am exactly looking for : I want to set an alert in splunk which will report host name where we dont see "Beginning of xyz.ps1 Execution" message in last 60 minutes , So that I'll get to know these hosts where script didnt execute well. search:   index= ABC source="xyz.ps1" host = WWW-*  "Beginning of xyz.ps1 Execution" | table _time host | dedup host | eval age=now()-_time | where age > 60 Is above search is correct ? Thanks for your suggestions ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-01-2022 05:19 PM
Karma given to
View All