Splunkers,
I have a question regarding a report:
We made a report with 15 searches that is being to delivered to a different team once a day as a PDF. However, often times, all the searches in the report don't have any results, so we are wondering if the report can also be triggered like an alert only if it has at least one result?
So far I only came up with the idea to just make 15 individual alerts instead of a report. Is there an easier way to do this? I cannot combine all searches into one alert since I use Splunk DB Connect and query different schemas and databases in the searches.
Thank you,
Oliver
You can try saving the Report as Scheduled Report which runs on scheduled basis and then choose alert action on the scheduled report to send out emails. Refer to following documentation on Scheduled report and how to setup the same:
You can try saving the Report as Scheduled Report which runs on scheduled basis and then choose alert action on the scheduled report to send out emails. Refer to following documentation on Scheduled report and how to setup the same:
Thank you!