Solved: Spam Alert

Splunker4Life · ‎01-08-2013

Hi all,

I want to set up a spam alert in Splunk that will notify me if we receive excessive emails from a certain source eg 200 emails within a 1 hour timeframe.

I was wondering if such an alert can be made and if so some guidance on how to do so.

Thanks in Advance

lguinn2 · ‎01-08-2013

Sounds like you want to define a scheduled alert.

First, figure out the search that will identify spam. Maybe something like this

sourcetype=myemail | stats count by mailerDomain | where count >= 200

Then click "Create Alert" from the pull-down menu on the right, and follow the directions in the documentation. The search that I have given would trigger an alert if you used the conditions "number of results > 0"

HTH

View solution in original post

lguinn2 · ‎01-08-2013

Sounds like you want to define a scheduled alert.

First, figure out the search that will identify spam. Maybe something like this

sourcetype=myemail | stats count by mailerDomain | where count >= 200

Then click "Create Alert" from the pull-down menu on the right, and follow the directions in the documentation. The search that I have given would trigger an alert if you used the conditions "number of results > 0"

HTH

Spam Alert

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life