About m0ps

m0ps · ‎03-17-2017

So, any updates? Issue is still present.

m0ps · ‎04-20-2016

Yes, I've tried this, and it looks like works fine, but what about alert settings? Is that correct?

m0ps · ‎04-20-2016

Hello all! I'm newbie in Splunk and I'm trying to figure out how to create an alert based on count of unique field values. I have field src_mac and I need to trigger an alert each time the same value appears more than 4 times in search results. Example log: Apr 20 16:06:41 dhcp1 dhcpd: DHCPDISCOVER from a0:d3:c1:63:37:16 via 198.18.2.1: peer holds all free leases dest_int = 198.18.2.1 dhcp_message = DHCPDISCOVER host = dhcp1 src_mac = a0:d3:c1:63:37:16 Apr 20 16:06:41 dhcp2 dhcpd: DHCPDISCOVER from a0:d3:c1:63:37:16 via 198.18.2.1: peer holds all free leases dest_int = 198.18.2.1 dhcp_message = DHCPDISCOVER host = dhcp2 src_mac = a0:d3:c1:63:37:16 Apr 20 16:06:33 dhcp1 dhcpd: DHCPDISCOVER from a0:d3:c1:63:37:16 via 198.18.2.1: peer holds all free leases dest_int = 198.18.2.1 dhcp_message = DHCPDISCOVER host = dhcp1 src_mac = a0:d3:c1:63:37:16 Apr 20 16:06:33 dhcp2 dhcpd: DHCPDISCOVER from a0:d3:c1:63:37:16 via 198.18.2.1: peer holds all free leases dest_int = 198.18.2.1 dhcp_message = DHCPDISCOVER host = dhcp2 src_mac = a0:d3:c1:63:37:16 Apr 20 16:06:30 dhcp1 dhcpd: DHCPDISCOVER from a0:d3:c1:63:37:16 via 198.18.2.1: peer holds all free leases Also I need to suppress results containing same field value for 10 minutes. Could anybody provide example? Thanks in advance, Maxim

Posts	3
Solutions	0
Karma Given	2
Karma Received	0
Member Since	‎03-22-2013

Online Status	Offline
Date Last Visited	‎06-05-2020 02:03 AM

How to create an alert based on the count of uniqu...

Re: Splunk for Cisco Identity Services (ISE) dashb...

Re: How to create an alert based on the count of u...

How to create an alert based on the count of uniqu...