Hello everyone!
I want to create an email alert that will trigger if a certain number of GB of the license usage limit is used throughout the day. Monitoring should be carried out in real time.
The problem is that if I set the presets to monitor in "All time (real time)", then the command is not processed and the alert doesn't work properly. Is it possible to implement this, and if so, in what way?
Version of Splunk: 6.5.0
The command used as an alert:
index=_internal source=*license_usage.log type="RolloverSummary" | stats sum(b) AS used max(stacksz) AS quota by _time | eval usedGB=round(used/1024/1024/1024,3) | eval quotaGB=round(quota/1024/1024/1024,3) | table _time usedGB quotaGB | eval percentage=round(usedGB / quotaGB, 1)*100 | eval usage = usedGB . " (" . percentage . "%)" | fields _time usedGB quotaGB usage | where 'usedGB' > 17
Thank you in advance!