cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
akashsawant
Engager
Member since: ‎01-14-2022
‎01-18-2022
Community Statistics
Posts 2
Solutions 1
Karma Given 1
Karma Received 0
Member Since ‎01-14-2022
Activity Feed
View All

Re: How to create alert when no set message for X ...

by in Alerting
‎01-18-2022 05:37 AM
‎01-18-2022 05:37 AM
Thanks @isoutamo for your time and suggestion. I made it work using following search: index= ABC source="xyz.ps1" host = WWW-* Message="Beginning of xyz.ps1 Execution" | dedup host | eval age=now()-_time | where age > 3600 | table _time host age   Note: 3600 means 60 minutes ( 60 x 60 ) ... View more

How to create alert when no set message for X minu...

by in Alerting
‎01-14-2022 02:16 AM
‎01-14-2022 02:16 AM
Hello,  We have a PowerShell script job ( xyz.ps1 ) run on all hosts every 10 minutes and when it starts write message in to EV Application log as "Beginning of xyz.ps1 Execution " , We found sometime that xyz.ps1 gets stuck into weird state and we didnt see message in last 60 minutes for some hosts. I was able to create alert where i get list of hosts which shows that message. But I am exactly looking for : I want to set an alert in splunk which will report host name where we dont see "Beginning of xyz.ps1 Execution" message in last 60 minutes , So that I'll get to know these hosts where script didnt execute well. search:   index= ABC source="xyz.ps1" host = WWW-*  "Beginning of xyz.ps1 Execution" | table _time host | dedup host | eval age=now()-_time | where age > 60 Is above search is correct ? Thanks for your suggestions ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-18-2022 12:09 PM
Karma given to
View All