How to create an Alert when ping UP and DOWN?

jack1 · ‎06-12-2022

My i know how to set ping how many times fail or success , then only it will send alert?

Currently I was told tht it only ping 1 time in 5mins, then it will send out alert if DOWN. which I think 1 time ping is too short to conclude the IP is DOWN. I wanted to change it to 5 times ping , if 100% only consider IP is DOWN. May I know how to do it ?

jack1 · ‎06-12-2022

Hi,

I dont understand. you mean add this 2 cmd after existing one? or how shld it be?

ITWhisperer · ‎06-12-2022

Start with a search which finds when you have at least 5 consecutive down flags

| streamstats count reset_on_change=true by flag
| where flag="DOWN" AND count>=5

jack1 · ‎06-12-2022

Is it like this?

ITWhisperer · ‎06-12-2022

Start with

index=ping
| eval flag=if(packet_loss=100,"DOWN","UP")
| streamstats count reset+on_change=true by flag
| where count >= 5 AND flag="DOWN"

jack1 · ‎06-16-2022

Sorry i nvr do splunk before. where do i start copy the line frm current alert settings? so tht I will know which branch is DOWN , at wht date/time, with the comments as well.something like below. All info is frm the lookup file.

WAN Site: Palo Alto US Cct:11654483

16 Jun 2022 17:04:40 - WAN UP

May I knw how to link this to the lookup file? It has all the IP and branch name, location, cct id, etc.

Currently the ping is set to 5 (original is 1), interval=300s but thereafter only received UP but no DOWN alert

May i also knw how shld the time range and cron expression be configured for every 300s(5 ping)?

How to create an Alert when ping UP and DOWN?

alert condition

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!