|
Hi, I am running the following saved search every 10 minutes which will send an email if *xception is found in the filenetlistener.log file. The email contains the alert along with a csv file which outlines the number of severities. host=itp-srv-03 index=app sourcetype=filenetlistener source="D:\EAI\axis-jms\logs\listener.log" | search *xception | stats count | rangemap field=count low=0-0 default=severe Do you know is it possible for Splunk to include in the email the listener log file or an extract of the listener log showing the exception? Thanks in advance. |
|
I would suggest this search instead In your alert, set the condition to "if number of events is greater than 0" and select the option to include the results in the email. Splunk will include all the matching events as part of the alert. BTW, Splunk search is case-insensitive, so if you are searching for "Exception" or "exception" you can simply write it as and Splunk will find it regardless of capitalization. Many thanks for you reply. I am not sure if this will work for me as I need the stats count so I can display the saved search on the dashboard. This is green when when zero events of *xception are not found. I already have set the condition set to alert if the number of events is greater than zero. When one event is found this turns the dashboard to red.
(30 May '12, 07:25)
itsomana
|
