Please help I am trying to make a search for a string in the past five minutes and if there are over 100 I want an email alert.
Many Thanks!
What type of information are you looking for? What does your data look like?
Searches are pretty basic - figure out what you want to look for, save it and set up an alert.
Taking a look at http://www.splunk.com/base/Documentation/latest/User/AboutSearch and http://www.splunk.com/base/Documentation/latest/User/MonitoringRecurringSituations for some more information..
View solution in original post
The docs Brian reference are good places to start.
