Hello All
i'm trying to configure real time alerts for license usage which alerts my me only once if the below condition meets
only one alert if X is greater than 80 and less than 90.
only one alert if X is greater than 90 and less than 95.
only one alert if X is greater than 95.
how should i do this. please can any one help me in it
I would suggest creating a regular scheduled alert (if you want to be notified sooner, have the small frequency like every 5 min or 2-59/* * * * *
i.e. every 5 min starting at 2 min so 2, 7, 12,17...) and setup appropriate throttle period so that you're not alerted again (say throttle for 6 or 8 hours). Search that you can use (setup alert on license master splunk instance)
index=_internal source=*license_usage.log type=Usage earliest=@d latest=now
| stats sum(b) as Usage | eval Usage=round(b/1024/1024/1024,2)
| appendcols [
| rest splunk_server=local /services/licenser/stacks
| stats max(quota) as quota
| eval quota=round(quota/1024/1024/1024,2)
]
| where Usage > 0.8*quota
I would suggest creating a regular scheduled alert (if you want to be notified sooner, have the small frequency like every 5 min or 2-59/* * * * *
i.e. every 5 min starting at 2 min so 2, 7, 12,17...) and setup appropriate throttle period so that you're not alerted again (say throttle for 6 or 8 hours). Search that you can use (setup alert on license master splunk instance)
index=_internal source=*license_usage.log type=Usage earliest=@d latest=now
| stats sum(b) as Usage | eval Usage=round(b/1024/1024/1024,2)
| appendcols [
| rest splunk_server=local /services/licenser/stacks
| stats max(quota) as quota
| eval quota=round(quota/1024/1024/1024,2)
]
| where Usage > 0.8*quota