Solved: How to schedule a report to be emailed every 15 mi...

LokiMelkoR · ‎05-25-2016

Hello

I want to generate an email report on our syslog once every 15 minutes listed down with the events on that time frame. I don't want an email for every syslog.

Sort of a Rollup email that includes whatever was seen in the last 15 minutes.

EG: if 1 Syslog in last 15 minutes 1 Email with those.
10 syslogs in last 15 minutes 1 Email with those.
20 syslogs in last 15 minutes 1 Email with those

Thank you, any help much appreciated.

jkat54 · ‎05-25-2016

Create a search over the last 15 minutes. Save it as an alert. Schedule it to run every 15 minutes.

Set it so it sends one notification per run.

View solution in original post

jkat54 · ‎05-25-2016

Create a search over the last 15 minutes. Save it as an alert. Schedule it to run every 15 minutes.

Set it so it sends one notification per run.

LokiMelkoR · ‎06-01-2016

Awesome, Thanks ! I tested it out. Works really good.

I would like to get this report to multiple syslogs. I only did for one (lets say host 'alpha') :
host = "alpha" 01070638

so lets say if i have bravo, charlie, echo.. etc. Do i use as,
host = "alpha" 01070638 or host = "bravo" 01070638 or host = "charlie" 01070638... etc. ?

jkat54 · ‎06-01-2016

OR should be capitalized and the number / numerical string "01070638" you're searching for only needs to be entered once.

jkat54 · ‎06-01-2016

Like this

host=a OR host=b OR host=c 0123456789

LokiMelkoR · ‎06-02-2016

Thanks again dude 🙂

How to schedule a report to be emailed every 15 minutes that includes all syslog events since the last report?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...