Solved: Re: is it possible to set up a single alert for 15...

Abilan1 · ‎05-27-2015

Hi,

I have 15 servers, I want to set up the same alert for the 15 servers. I am going to use a common search string to search in the all servers log. Is it possible to set up a single alert? also If I set up a single alert how come it will give me the server name in alert?

Thanks,
Abilan

stephanefotso · ‎05-27-2015

Let suppose that the host field identify each server. Here yougo!

index=......  host=*  "JDESPECRESULT_JDBFAILED"|table host

Then set up a PerResult alert,

SGF

View solution in original post

stephanefotso · ‎05-27-2015

Let suppose that the host field identify each server. Here yougo!

index=......  host=*  "JDESPECRESULT_JDBFAILED"|table host

Then set up a PerResult alert,

SGF

Abilan1 · ‎05-29-2015

Hi Stephane,

Thanks for the help. can you please let me know why we are using Index here?

Regards,
Abilan..

stephanefotso · ‎05-29-2015

I was in the case, each server is forwarding data to the indexer. But in your case, there is no need to use the index.
Thanks

SGF

woodcock · ‎05-27-2015

Yes, mostly. You can do something like this:

... | stats count by server

Then in the Alert set it to trigger an alert for each event returned. I do not know about including the server name in the subject, though.

Abilan1 · ‎05-27-2015

Thank you. I will check from my side..

stephanefotso · ‎05-27-2015

I think it is possible. Please what do you want exactly the alert to do with your 15 servers? And also, what is the search query your are using?

SGF

Abilan1 · ‎05-27-2015

I am going to use this search string "JDESPECRESULT_JDBFAILED". If this string occurs in any of the server logs, I need the server name detail in the alert.

is it possible to set up a single alert for 15 servers?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...