cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jean2
Engager
Member since: ‎07-23-2014
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-23-2014
Activity Feed
View All

Re: SNMP traps received by Splunk, send notificati...

by in Getting Data In
‎07-25-2014 09:05 AM
‎07-25-2014 09:05 AM
Actually it doesn't work for Real-Time All Time and Real-Time 1 minute window. But as well for All time search. Any workaround to have an alert send if this search returns a result after a selected time window ? Thanks for your help Command: host="myhost.localdomain" AND "2001" earliest=-1m | transaction source startswith="2001" endswith="2002" keepevicted=true maxspan=1m maxpause=1m | search closed_txn=0 ... View more

Re: SNMP traps received by Splunk, send notificati...

by in Getting Data In
‎07-25-2014 07:36 AM
‎07-25-2014 07:36 AM
Hi Startcher, Actually the command works fine but only after the clear is received. I have the same issue. A notification is fired as soon as the trap is received, without waiting for the clear to appear in the 5m window. Any idea why splunk doesn't wait for the delay to timeout? Thanks for the help. ... View more

Re: SNMP traps received by Splunk, send notificati...

by in Getting Data In
‎07-24-2014 02:23 AM
‎07-24-2014 02:23 AM
Hi Startcher, Actually the command works fine but only after the clear is received. I have the same issue. A notification is fired as soon as the trap is received, without waiting for the clear to appear in the 5m window. Any idea why splunk doesn't wait for the delay to timeout? Thanks for the help. ... View more

SNMP traps received by Splunk, send notification o...

by in Getting Data In
‎07-23-2014 01:47 AM
‎07-23-2014 01:47 AM
All, I'm wondering if it is possible to have Splunk to monitor SNMP traps, but only to send a notification out if he receives a specific SNMP trap ID without receiving the clear SNMP trap within 5 minutes. If it does receive the clear then Splunk should not notify outside. Any help would be appreciated. I can put the command: host="myhost.localdomain" earliest=-5m | transaction maxspan=5m maxpause=5m | search IDtrap AND NOT IDtrapclear But with this command as soon as the SNMP Trap will be received, notification will be sent without waiting for a possible clear. Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All