I'm new to Splunk and I have the Search where I check one Server for 7 Services and State=Stopped and run a stats count at the end and I'd to send out a email if the count > 0
index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name=CyberTechDatabase* OR (index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name="CybertechmediaManager" ) OR (index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name=CybertechlicenseService ) OR (index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name="CyberTechSystemManager" ) OR (index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name="CybertechUserManager" ) OR (index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name="MySQL" ) OR (index="*windows" host=Q9BVPAVACT01 sourcetype=WinHostMon source=service Name="CybertechRecord*" ) State=Stopped | stats count
... View more