how to I set an alert to search every 5 minutes ?

sbeamro · ‎01-13-2015

Hi,
how do I set an alert to check the status every 5 minutes ?
and another question - how can I set the throttle to be set per host ?

for example - I'd like to get an alert when a host is sending syslog about Spanning Tree root guard.
and I'd like the alert to ignore that specific host for 1 hour.
BUT I do want the alert to alert me in case that another host is sending the same alert.

is that possible ?

aholzer · ‎01-13-2015

The below link should walk you through how to set up an alert. It even uses host as a throttling example.

About alerts

Here's another example: Alert examples

Hope this helps

sbeamro · ‎01-18-2015

I'm sorry but I don't understand from these links how to set alert to scan the indexer every 1 minute or every 5 minute.
can you please elaborate ?

aholzer · ‎01-20-2015

To edit the scheduling of the alert do the following:

Save the search as a report (or alert)
Go to settings > searches, reports and alerts
Click on the name of the report/alert
Check the box "Schedule this search"
The first option should be how frequently you run the report/alert. Schedule type is either basic or cron. If you select basic it will give you options such as "every minute" or "every hour". If you select cron, you will be allowed to enter the exact cron format of how you want the job to run.

Hope this helps

how to I set an alert to search every 5 minutes ?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life