Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Alert triggering if there is we see "results not found" Count shows "0" in splunk dashboards.

annep8326
New Member
‎01-25-2019 10:48 AM

Sometimes there are problems in loading splunk dashboards (example: "results not found" Count shows "0" etc). Trying to alert team if there any issues in Splunk. Please help how can we achieve it?

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎01-25-2019 11:32 AM

You can add this to your panels' search SPL:

| appendpipe [
  stats count
| where count==0
| rename COMMENT1of3 AS "Splunk sendemail ALWAYS sends email, even when no results found; we address this with 2 settings:"
| rename COMMENT2of3 AS "First, we put 'null()' in 'to' header when no results; this causes 'sendemail' to error."
| rename COMMENT3of3 AS "Last, we use 'graceful=true' so that the search does not log any error for that."
| eval valueForToHeader=if(isnotnull(count), "YourAdminEmailGoesHere@YourCompany.com", null())
| sendemail
    to=$result.valueForToHeader$
    graceful=true
| rename COMMENT AS "Throw away these events so as not to pollute the regular search events"
| where count != 0]
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...