Alerting

search within last 5 minutes

ssehgal
Explorer

hello,
i want to trigger an alert on splunk where if i dont have any data coming in within 5 minutes splunk sends out an alert.

I am using time as -5m@m and @m

thanks

Tags (2)
0 Karma
1 Solution

lukejadamec
Super Champion

Not sure which part you need help with....

Create your search WithOut a start and stop time.

Save the search.

Go to Manager>Searches and Reports>

In the Time Range

Start -5m@s Finish Time now

Find the search you saved, open it, and select Schedule this Search

For Schedule Type, select cron, and enter */5 * * * *

For Alert Condition select If Number Of Events, and the condition Is Less Than 1

For Alert Actions select Send Email Enable. Enter a subject and your email address.

View solution in original post

0 Karma

lukejadamec
Super Champion

Not sure which part you need help with....

Create your search WithOut a start and stop time.

Save the search.

Go to Manager>Searches and Reports>

In the Time Range

Start -5m@s Finish Time now

Find the search you saved, open it, and select Schedule this Search

For Schedule Type, select cron, and enter */5 * * * *

For Alert Condition select If Number Of Events, and the condition Is Less Than 1

For Alert Actions select Send Email Enable. Enter a subject and your email address.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...