Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert based on time range and message

Jiten009
Explorer
‎04-09-2013 09:32 AM

Hi All,

I want to set alerts based on the message in a particular time range. My logs look like :

08 Apr 2013 11:31:48,987 INFO Scheduler-Job-3 FileUtil - time=2013-04-08T11:31:48.987CDT,Level=Info,Message = File scheduler done

This task will execute every day at 11.30, so I want to set an alert if "File scheduler done" message is not appearing in logs between 11.30 to 11.40.

Please help me in creating such alert.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

jonuwz
Influencer
‎04-09-2013 12:46 PM

Try this definiing it this way :

search = "File scheduler done"
start time = @d+11h+30m
end time = @d+11h+40m
schedule type = cron
cron schedule = 45 11 * * *
alert condition = if number of events is equal to 0
alert mode = once per search

View solution in original post

Reply
Solved! Jump to solution

Jiten009
Explorer
‎04-09-2013 02:53 PM

Hi,

I tried this way and its working. I am not sure if it fails to alert in any exceptional scenario.

earliest=@d+690m latest=@d+700m AND Message != "File scheduler done"

0 Karma
Reply
Solved! Jump to solution
Solution

jonuwz
Influencer
‎04-09-2013 12:46 PM

Try this definiing it this way :

search = "File scheduler done"
start time = @d+11h+30m
end time = @d+11h+40m
schedule type = cron
cron schedule = 45 11 * * *
alert condition = if number of events is equal to 0
alert mode = once per search
Reply
Solved! Jump to solution

Jiten009
Explorer
‎04-09-2013 02:54 PM

Thanks for your help.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...