How to use Splunk to create an alert to Glip

jpage1944 · ‎10-02-2019

The process has been to set up an alert to look back 1 minute with a snap to the start and end of the minute.
This process would not trigger on all log entries. The process was changed to a 5 minute process that would look back 5 minutes and process every log entry.

This would still not report all log entries. One minute look back schedule missed a small number of entries but with a 5 minute look back it is missing large sections of entries.
When I run the SPL query in Splunk it shows the missing log entries that should be in Glip.

How can I get Splunk to trigger an action on all log entries with no more than a 5 minute look back? [Search 5min Configuration]

(https://i.stack.imgur.com/RmEaq.png)

jpage1944 · ‎11-08-2019

The receiving end was overloaded it would drop splunk webhook requests.

jpage1944 · ‎10-03-2019

evzhang thanks for the edits but you have no advice on how to get a hundred % accuracy?

How to use Splunk to create an alert to Glip

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!