We occasionally experience LDAP connectivity issues, which prevent our users from logging in to the Splunk instances. Is there a way to create an alert for such a case?
Do a search like this for the timerange when it last happened and go to the Patterns tab. See if you can find a log that indicates the problem and then build an alert from there.
index=_* *ldap*
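One way the alert search could look once the Patterns tab has pointed at the relevant events (an added example, not part of the original answer). It assumes the failures are logged by splunkd at ERROR level in index=_internal; the 5-minute window and the threshold of 3 are placeholder values to tune against what the search above actually returns.

```spl
index=_internal sourcetype=splunkd log_level=ERROR *ldap* earliest=-5m@m latest=@m
| stats count AS ldap_errors, values(component) AS components, latest(_raw) AS sample_event BY host
| where ldap_errors >= 3
```

Saved as an alert scheduled every 5 minutes and set to trigger when the number of results is greater than zero, this reports each host that logged repeated LDAP errors in the window, along with one sample event for triage.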
Perfect - thank you.