I am displaying on a counter a value that basically counts the times a login has failed, but I would like to get an email every time that counter goes over 5, so that I could better monitor what is going on or whether it is an attack. Thank you!
Hi @israalbo,
you can use the same search to schedule an alert.
You have only to define:
In the alert you can also set whether the alert must be fired every time there's a value that exceeds the threshold, or whether there's a period, after an alert, during which the alert isn't executed again.
Ciao.
Giuseppe
Hi, I am new to Splunk. Let me get this straight: inside the search I can get a report by email? Do you have any extra information on how to accomplish that? I would be very thankful!
Hi @israalbo,
you can create your search and, when you save it, you can choose as options:
If you choose Alert, Splunk opens a panel to set the alert options (frequency, activation, etc.) and the actions (email, script execution, etc.).
For more info, see:
https://www.youtube.com/watch?v=0REbozaALX0
https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/Aboutalerts
Ciao.
Giuseppe
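What the two answers describe (a scheduled search, a trigger threshold, a throttle period and an email action), written as a `savedsearches.conf` stanza. This is an added example, not part of the thread or of Splunk's documentation. The stanza name, index, sourcetype, field names, schedule, throttle period and recipient address are all assumptions to replace with your own.

```ini
# savedsearches.conf, placed in an app's local/ directory.
# Everything below that names data (index, sourcetype, action field) and the
# recipient address is a constructed placeholder, not taken from the thread.

[Failed logins over threshold]
# The search behind the counter, with the "over 5" threshold applied in SPL.
# It returns one row only when the count in the time window exceeds 5.
search = index=auth_logs sourcetype=app_login action=failure \
| stats count AS failed_logins \
| where failed_logins > 5

# Run every 5 minutes over the previous 5 whole minutes.
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = @m

# Trigger condition: fire when the search returns at least one row.
counttype = number of events
relation = greater than
quantity = 0

# Throttling: after firing, stay quiet for 30 minutes so a sustained
# burst of failures does not produce one email per scheduled run.
alert.suppress = 1
alert.suppress.period = 30m

# Email action, with the result row included inline in the message body.
action.email = 1
action.email.to = soc@example.com
action.email.subject = Failed logins over threshold
action.email.sendresults = 1
action.email.inline = 1

# Also list the alert under Triggered Alerts, at medium-high severity.
alert.track = 1
alert.severity = 4
```

The same settings appear in the Save As > Alert panel in Splunk Web. Email delivery also depends on the mail server being configured in the Splunk email settings.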