Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert based on time range and message

Jiten009
Explorer
‎04-09-2013 09:32 AM

Hi All,

I want to set alerts based on the message in a particular time range. My logs look like :

08 Apr 2013 11:31:48,987 INFO Scheduler-Job-3 FileUtil - time=2013-04-08T11:31:48.987CDT,Level=Info,Message = File scheduler done

This task will execute every day at 11.30, so I want to set an alert if "File scheduler done" message is not appearing in logs between 11.30 to 11.40.

Please help me in creating such alert.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

jonuwz
Influencer
‎04-09-2013 12:46 PM

Try this definiing it this way :

search = "File scheduler done"
start time = @d+11h+30m
end time = @d+11h+40m
schedule type = cron
cron schedule = 45 11 * * *
alert condition = if number of events is equal to 0
alert mode = once per search

View solution in original post

Reply
Solved! Jump to solution

Jiten009
Explorer
‎04-09-2013 02:53 PM

Hi,

I tried this way and its working. I am not sure if it fails to alert in any exceptional scenario.

earliest=@d+690m latest=@d+700m AND Message != "File scheduler done"

0 Karma
Reply
Solved! Jump to solution
Solution

jonuwz
Influencer
‎04-09-2013 12:46 PM

Try this definiing it this way :

search = "File scheduler done"
start time = @d+11h+30m
end time = @d+11h+40m
schedule type = cron
cron schedule = 45 11 * * *
alert condition = if number of events is equal to 0
alert mode = once per search
Reply
Solved! Jump to solution

Jiten009
Explorer
‎04-09-2013 02:54 PM

Thanks for your help.

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...