About tonitoagu

tonitoagu · ‎02-02-2023

I will definitely take a look at this! Thanks so much!

tonitoagu · ‎01-27-2023

Grazie Giusepppe.

tonitoagu · ‎01-26-2023

@gcusello thank you so much. I think i got the searches working for alerting what devices have stopped. My problem at this time is figuring out a way to act on those alerts. so on your example, do you konw how you would assign those hosts in the .csv to be looked and track while they are resolved?

tonitoagu · ‎01-26-2023

I am wondering if anyone has this issue or use case. We are trying to see if we can have a system that would alert us on when a host has stopped sending logs based on the specific index it belongs. For example: We woudl like to know if a firewall has stopped sending logs within 30min and also lets say if a host for another less continuos feed has stopped, exmaple: host A of index=trickle_feed has not send in 4 hours, etc. We are good with the logic on those searches, what i am really looking for is direction on how you create those alerts and assigned them to someone to be follow up on? what other tools you might be using for the triaging and tracking of the alert/incident/ticket/work while the feed for the Quiet host is being restored?

Posts	4
Solutions	0
Karma Given	2
Karma Received	0
Member Since	‎01-26-2023

Online Status	Offline
Date Last Visited	‎02-09-2023 11:03 AM

Splunk Enterprise logs monitoring: How do you crea...

Re: Splunk Enterprise logs monitoring

Re: Splunk Enterprise logs monitoring

Re: Splunk Enterprise logs monitoring

Splunk Enterprise logs monitoring: How do you crea...