Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need help setting a customized alert

subhadipc
Explorer
‎03-23-2012 03:38 AM

I have the following query:
.... | eval time_sec = round(time_taken/1000) | chart max(time_sec) as max_response_time by cs_uri_stem

The aim of the above is to return the maximum response time of the pages mentioned in the ... section. I want this query to be scheduled to run at midnight. Also, if the max_response_time of any page in the result set is higher than a value (say xx), it should alert by sending mails.

How do I achieve this?

Tags (1)
0 Karma
Reply

MarioM
Motivator
‎03-23-2012 02:50 PM 
| eval time_sec = round(time_taken/1000) 

| chart max(time_sec) as max_response_time by cs_uri_stem

| where max_response_time > xx

| sendemail to="elvis@server.com,john@server.com" format=html subject=myresults server=mail.server.com`

Then you saved the search and edit it in Manager >> Searches & Reports, to set the schedule

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...