Our Splunk instance is receiving events / log information via UDP. Is it possible to trigger an email alert if I have not received events after a certain period of time?
Pasting to an answer.
Hello,
How about something like that:
<your search for events for this data> earliest= latest=now | stats count
Save the alert and trigger if count = 0.
This worked, thank you.
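The alert from the answer above, written as a savedsearches.conf stanza. This is an added example, not part of the original thread. The stanza name, index, sourcetype, 15-minute window, schedule and recipient address are assumed placeholders to replace with your own values.

```ini
# savedsearches.conf
# Added example: every value below is a placeholder chosen for illustration.
[UDP feed silent: no events in 15m]
# The search for the data arriving over UDP, reduced to a single count.
search = index=network sourcetype=syslog | stats count
# Look back over the same window the schedule covers.
dispatch.earliest_time = -15m
dispatch.latest_time = now
enableSched = 1
cron_schedule = */15 * * * *
# "stats count" always returns exactly one row, even when nothing matched,
# so a "number of events = 0" condition would never fire. Test the value
# of the count field with a custom condition instead.
counttype = custom
alert_condition = search count = 0
# Email action.
action.email = 1
action.email.to = soc@example.com
action.email.subject = No events received on the UDP input in the last 15 minutes
# Throttle so a long outage sends one mail per hour, not one per run.
alert.suppress = 1
alert.suppress.period = 1h
alert.track = 1
```

Size the window to the quietest normal period of the source; a feed that is legitimately idle overnight will trigger this alert unless the window or schedule accounts for it.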