Re: Alert when ping UP and DOWN

jack1 · ‎06-12-2022

My i know how to set ping how many times fail or success , then only it will send alert?

Currently I was told tht it only ping 1 time in 5mins, then it will send out alert if DOWN. which I think 1 time ping is too short to conclude the IP is DOWN. I wanted to change it to 5 times ping , if 100% only consider IP is DOWN. May I know how to do it ?

jack1 · ‎06-12-2022

Hi,

I dont understand. you mean add this 2 cmd after existing one? or how shld it be?

ITWhisperer · ‎06-12-2022

Start with a search which finds when you have at least 5 consecutive down flags

| streamstats count reset_on_change=true by flag
| where flag="DOWN" AND count>=5

jack1 · ‎06-12-2022

Is it like this?

ITWhisperer · ‎06-12-2022

Start with

index=ping
| eval flag=if(packet_loss=100,"DOWN","UP")
| streamstats count reset+on_change=true by flag
| where count >= 5 AND flag="DOWN"

jack1 · ‎06-16-2022

Sorry i nvr do splunk before. where do i start copy the line frm current alert settings? so tht I will know which branch is DOWN , at wht date/time, with the comments as well.something like below. All info is frm the lookup file.

WAN Site: Palo Alto US Cct:11654483

16 Jun 2022 17:04:40 - WAN UP

May I knw how to link this to the lookup file? It has all the IP and branch name, location, cct id, etc.

Currently the ping is set to 5 (original is 1), interval=300s but thereafter only received UP but no DOWN alert

May i also knw how shld the time range and cron expression be configured for every 300s(5 ping)?

How to create an Alert when ping UP and DOWN?

alert condition

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!