×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jwv
Explorer
Member since: ‎12-05-2024
yesterday
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎12-05-2024
Activity Feed
View All

Option to rerun expired results_link ?

by in Splunk Enterprise
yesterday
yesterday
When alerting sends the $results_link$ token, the link expires relatively quickly, and as the owner of the alert when I click on it I get the option to rerun the search. No one else seems to get that option when they click on the expired link. Can this option be enabled for everyone? And why is it that only I am seeing it?  ... View more
Labels

Re: Custom alert trigger count range

by in Splunk Enterprise
‎12-11-2024 11:33 AM
‎12-11-2024 11:33 AM
I've tried this a few ways with no success, I tried to just append the where condition on the end of my query so it looks something like this    index="my-index" | search "http 404" | stats count | where count => 250 AND count <= 100   but this still just returns the number of matching events and I run into the same problem trying to set up the alert.  I have also tried with eval to output a result like this    index="my-index" | search "http 404" | stats count | eval result=if(count>=250 AND count<=500, 1, 0) | table result   which properly returns 1 or 0 depending on if the number of results are in the range I am looking for, however it is still not alerting properly when the trigger is set to >1.  I think the trigger is still running against the number of events which is also being returned (and I like that I can see this) and not the result I set up.  . Any other suggestions would be much appreciated. ... View more

Re: Custom alert trigger count range

by in Splunk Enterprise
‎12-09-2024 08:50 AM
‎12-09-2024 08:50 AM
Thank you for the tip! Do you have any suggestions on how to format this query? I'm not sure the best way to do this when I need the alert to fire based of number of results.  ... View more

Custom alert trigger count range

by in Splunk Enterprise
‎12-05-2024 12:22 PM
‎12-05-2024 12:22 PM
I want my alert to trigger when the result count is between 250 and 500, trying to use the custom trigger condition in the alert setup with     search count => 250 AND search count <=500      but this is not working as expected. Even trying to to use the custom trigger condition for one condition like search count => 250 is not working. What is the right way to do this?  ... View more
Contact Me
Online Status
Offline
Date Last Visited
yesterday
Karma given to
View All