Solved: search within last 5 minutes

ssehgal · ‎10-01-2013

hello,
i want to trigger an alert on splunk where if i dont have any data coming in within 5 minutes splunk sends out an alert.

I am using time as -5m@m and @m

thanks

lukejadamec · ‎10-01-2013

Not sure which part you need help with....

Create your search WithOut a start and stop time.

Save the search.

Go to Manager>Searches and Reports>

In the Time Range

Start -5m@s Finish Time now

Find the search you saved, open it, and select Schedule this Search

For Schedule Type, select cron, and enter */5 * * * *

For Alert Condition select If Number Of Events, and the condition Is Less Than 1

For Alert Actions select Send Email Enable. Enter a subject and your email address.

View solution in original post

lukejadamec · ‎10-01-2013

Not sure which part you need help with....

Create your search WithOut a start and stop time.

Save the search.

Go to Manager>Searches and Reports>

In the Time Range

Start -5m@s Finish Time now

Find the search you saved, open it, and select Schedule this Search

For Schedule Type, select cron, and enter */5 * * * *

For Alert Condition select If Number Of Events, and the condition Is Less Than 1

For Alert Actions select Send Email Enable. Enter a subject and your email address.

search within last 5 minutes

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!