Hello,
scheduling an alert to notify me what my current license usage is and I can't get it to trigger since the events return null but rather show a statistic row. How can I get my alert to trigger when events are null?
here is my query:
| rest splunk_server=local /services/licenser/pools | rename title AS Pool | search [rest splunk_server=local /services/licenser/groups | search is_active=1 | eval stack_id=stack_ids | fields stack_id] | join type=outer stack_id [rest splunk_server=local /services/licenser/stacks | eval stack_id=title | eval stack_quota=quota | fields stack_id stack_quota] | stats sum(used_bytes) as used max(stack_quota) as total | eval usedGB=round(used/1024/1024/1024,4) | appendcols [| stats count AS tnow | eval tnow = now() | eval timenow=strftime(tnow,"%H%M") | eval useMAX=((timenow/2400)*100)] | convert num(useMAX) as IntMax | eval license_stats=if('usedGB' >= 'IntMax', "WARNING", "GOOD") | fields usedGB, license_stats, IntMax
... View more