cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rob1
New Member
Member since: ‎08-21-2024
‎08-21-2024
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-21-2024
View All

Splunk alerts to Slack - how to find out the total...

by in Alerting
‎08-21-2024 07:38 AM
‎08-21-2024 07:38 AM
I have around 10 alerts set up in Slack, and I'm trying to find a way to find the total figure of each alert triggered in the previous month.  I'm using the following:   index="_internal" sourcetype="scheduler" thread_id="AlertNotifier*" NOT (alert_actions="summary_index" OR alert_actions="") | search savedsearch_name IN..... | stats count by savedsearch_name | sort -count   This works, and brings up some figures for all 10 alerts, however, for some reason it doesn't seem to be accurate. For example, I know we receive multiple alerts in a day for one particular search query (which is set to fire every 15 mins) and so a count of 23 in the previous month just isn't correct. What am I doing wrong?    Ps I'm a complete newbie here. Thanks in advance! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-21-2024 10:59 AM