cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dummy_splunk
Explorer
Member since: ‎07-01-2022
‎07-04-2022
Community Statistics
Posts 5
Solutions 1
Karma Given 3
Karma Received 0
Member Since ‎07-01-2022
Activity Feed
View All

Re: condition an alert for a chart

by in Alerting
‎07-04-2022 09:27 AM
‎07-04-2022 09:27 AM
Good afternoon @PickleRick with this query I managed to obtain the values I needed index = "monitor" source="monitor/recolector.txt" | timechart values(valor) as metrica span=1h | where metrica>1 | tail 2 | transpose Thanks for your collaboration, I just have to add the conditions to complete 🙂 ... View more

Re: condition an alert for a chart

by in Alerting
‎07-01-2022 03:34 PM
‎07-01-2022 03:34 PM
perfect @PickleRick I tried again with the suggestion you make me but I get to this point: The only result that should be reflected is the "valor" field to perform the where, because if I apply it with those other columns, it takes them into consideration for the condition.   How could I omit the other fields and only the result is "valor" ... View more

Re: condition an alert for a chart

by in Alerting
‎07-01-2022 02:51 PM
‎07-01-2022 02:51 PM
thanks @PickleRick I tried with the suggestion you make me but I get to this point with the following result: and I want to make the comparison with the numeric values of the _raw column to apply the where how could i do it? ... View more

Re: condition an alert for a chart

by in Alerting
‎07-01-2022 12:38 PM
‎07-01-2022 12:38 PM
hello @PickleRick  I perform the following search: index = "monitor" source="/monitor/recolector.txt" | timechart values(valor) as recolector span=1h Result:  2022-7-1 11:19:0 GLOBAN: 15000 2022-7-1 11:29:0 GLOBAN: 15200 2022-7-1 11:39:0 GLOBAN: 16200 ............................................. From that result I generate a graph and therefore I want to take the last two measurements as values to be able to compare if there was a loss in the values by more than 10%   any suggestion? ... View more

How to condition an alert for a chart?

by in Alerting
‎07-01-2022 10:51 AM
‎07-01-2022 10:51 AM
good morning community I want to generate an alert in splunk based on some graphs that are generated from a .TXT file, therefore I only need to use the last two values generated in said file to apply a formula if said value drops 10% of its measurement. When I query the TXT file which displays a list as follows in the events: 2022-7-1 11:00:0 OVERALL: 10000 2022-7-1 12:00:0 OVERALL: 11000 I just need to get the last numeric value and the penultimate numeric value registered in the list and add them to a variable to apply the formula of comparing these two values to see if there is a difference of more than 10%. Please, if you have had a similar case, please share the solution. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-04-2022 05:57 PM
Karma given to
View All