I want to trigger an alert if the same event happens more than 10 times in 10 minutes. But the condition for the event is not static. Example:

index="seach" sourcetype="was_debug" site="UK" "RESP:ABC"

But the ABC can be dynamic: BCD could appear 10 times and an alert should trigger for BCD. How do I achieve this in Splunk alerting? Currently I have an alert with a hardcoded ABC, but there are a lot of values and I would need to write a lot of alerts, one for each of them; I want to make this a single alert.
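As an added example, not part of the original post, one way to express the check described above as a single scheduled search in SPL. It reuses the index, sourcetype and site values from the question and assumes the response code always follows the literal `RESP:` with no embedded spaces; the field name `resp_code` is an arbitrary choice.

```spl
index="seach" sourcetype="was_debug" site="UK" "RESP:"
| rex field=_raw "RESP:(?<resp_code>\S+)"
| stats count AS hits BY resp_code
| where hits > 10
```

Save this as an alert scheduled every 10 minutes with a time range of the last 10 minutes (for example `-10m@m` to `@m`), and set the trigger condition to "Number of results" greater than 0. Choosing "Trigger for each result" produces one alert per `resp_code` that crossed the threshold, so ABC and BCD fire independently without separate saved searches. The `rex` extraction is what removes the hardcoded value: every distinct code seen in the window becomes its own row in the `stats` output, and `where` keeps only those above 10. If you would rather run the search over a longer window, insert `| bin _time span=10m` before `stats` and group `BY _time, resp_code` so the count is still evaluated per 10-minute bucket.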