configure alert when results=0

newbiesplunk · ‎04-17-2017

Hi, can i configure from the "searches & reports" such that it trigger alert when the results=0 or i need to write a script to trigger such alert. If can configure from "searches & reports" how to go about configuring it. thks

puneethgowda · ‎04-17-2017

In search bar search the query which you have for this alert and save as alert and give the alert name. 2.Select Trigger alert when Number of results is grater than your value 3.action send mail

jkat54 · ‎04-17-2017

Yes in trigger condition select number of results = 0.

If scripting it, same thing... Usually use something like len(), length(), count, word count (wc), etc to get the length of the results variable/object.

if len(results) == 0:
#do something

niketn · ‎04-17-2017

You can refer to the following Example of setting up alert. The example considers number of results greater than 5, you can set the same up for greater than 0. Trigger if number of results: is greater than 0

http://docs.splunk.com/Documentation/Splunk/latest/Alert/Alertexamples#Set_up_the_alert_2

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

configure alert when results=0

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!