cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
isamrat
Explorer
Member since: ‎03-21-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 4
Karma Received 0
Member Since ‎03-21-2018
Activity Feed
View All

Re: How do you dynamically send an email notificat...

by in Alerting
‎10-31-2018 12:45 PM
‎10-31-2018 12:45 PM
Thanks for your insights. But I would rather prefer to have some solution based on scripting. Let me know if you have any solution based on scripting. ... View more

How do you dynamically send an email notification ...

by in Alerting
‎10-31-2018 12:09 PM
‎10-31-2018 12:09 PM
I have one alert stanza in my savedsearches.conf. Now, I want to dynamically send email notifications to the consumers based on the output of the result query. Suppose the alert query will give me the below output table after one run: Now, based on the consumer names, I should be getting email alerts to different **email Ids** with different email subjects dynamically. So that I don't need to set up multiple alert stanzas in savedsearches.conf for different email recipients. Please let me know how I can implement this. ... View more

How to use different time ranges in sub-queries in...

by in Splunk Search
‎07-03-2018 10:26 AM
‎07-03-2018 10:26 AM
I am using a composite query which has join to another query. I need to use a longer time range in the main/outer query and the inner query should have the time range from the dispatch.earliest_time defined in the savedsearches.conf. Suppose I have the below configurations in savedsearches.conf cron_schedule = 05,25,45 * * * * dispatch.earliest_time = -25m@m dispatch.latest_time = -5m@m search=index=data_set earliest=-120m@m app= "demo" Status=SUCCESS | join FileName,FilesCount [ search index= data_set app=demo status_message= "not completed"| table FileName,FilesCount] | table FileName,FilesCount, status,_time Will the above config work? The below query need to be run for last 2 hours: index=data_set app= "demo" Status=SUCCESS The below query need to be run for the savedsearches.conf configurations: index= data_set app=demo status_message= "not completed" | table FileName,FilesCount The query can not be changed. Please help me to do this. ... View more

How to trigger alert emails for each of the unique...

by in Alerting
‎05-14-2018 09:04 AM
‎05-14-2018 09:04 AM
I want to get alert emails for each of the unique ids that the query will return, and the unique Ids may have more than one row. For example: Suppose my system will process the incoming files and the file name will get logged. The report for 15 mins may look like below: For the above result I would need two email alerts, one for the filename asd123 and another for qwe789 like below: Please let me know if this thing is possible or not and if possible please let me know the solution. Thanks. ... View more

How to filter search results by lookup tables base...

by in Splunk Search
‎03-21-2018 04:56 AM
‎03-21-2018 04:56 AM
I want to filter my search results based on lookup table. But the road block here is that I want not only to match few fields from the lookup table but also I need to match some field value based on arithmetic operators like ">" , "<" etc. Say, I have the below table as output of a search: The Lookup table will look like below: So, the filtered result result will look like: Location Company Unit Production UK IBM 56 In general the filter will be "(Location="UK" AND Company="IBM" AND Unit_Production>50) OR (Location="US" AND Company="Google" AND Unit_Production<70)" Please help me to resolve this through splunk Lookup table. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to