All Apps and Add-ons

Creating threshold alerts.

paul_1994
Path Finder

I had a request to provide the alert below and I am trying to figure out the best way to tackle it.

run this query every 5 minutes and response time >2000 for more than 10 occurrences then raise email to below group also if possible please plot the timechart with this query

index=xxx_logs service_name=cix* operation=GetTypeFrom* Transaction_time>2000  | timechart max(Transaction_time) by operation

Thanks in Advance!

Update:

I created an alert to run every 5min and to alert if threshold reaches over 10 occurrences.

Tags (1)
0 Karma

kristian_kolb
Ultra Champion

Hi, the query below would give you a table of operations that have exceeded 2000 (ms?) more than 9 times for the time period searched. I'm not exactly sure that that's what you're asking for, but I think so.

index=xxx_logs service_name=cix* operation=GetTypeFrom* Transaction_Time > 2000 |stats c by operation | where c>9

If you want to make a chart of that, you could replace the stats with a timechart span=5min

Hope this helps,

K

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...