Splunk Search

How to set an alert for a search if the stats count=0?

bfilippi
New Member

Hi

I am counting events and want to raise an alert if it is equal to zero

source="ES.csv"  index="mdata" sourcetype="csv" | stats count

I would like it to raise an alert if stats count = 0

How do I do this?

Thanks

1 Solution

jeffland
SplunkTrust

It's easier than that. Do the search

source="ES.csv" index="mdata" sourcetype="csv"

and set the alerting options to alert you when it does not return results.

bfilippi
New Member

Thanks, I will try it. As you said, very straightforward!
