David
Reputation: 1
splunk search a log and every time a specific line has been written more than 5 time since last search send a mail
I want to search a specific log every day every 5th minute. And if a specific word is written more than 5 times i want to recieve an email.
What should my alert look like?
Have not been able to try this alert in splunk since the log has not started logging anything yet but i have a feeling im missing something in the alert :P
Upvotes: 0
Views: 104
Answers (1)
RichG
Reputation: 9916
Try this search
index=foo source=<<my specific log>> "Sign operation. Check Sign Service (dssdc_srv) log"
| stats count
| where count > 5
Have this trigger an alert if the number of results is not zero. The alert action should be an email that says the sentence was found more than five times.
Upvotes: 0
Related Questions
- Splunk Alert - exclude IP address from time range only
- How to make variables that are linked by a common correlation ID show on the same row of a Splunk table?
- How to selectively forward the log files to specific indexes in Splunk?
- Splunk - How to schedule search every 15 minutes?
- Analyze Logfile, if specified errors, exec command and alert by mail
- Angular Analytics Splunk Logging
- Using RegEx to grab a field in brackets