cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
griffins
Explorer
Member since: ‎07-14-2020
‎08-06-2023
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-14-2020
View All

Re: Alert Throttle Not Working

by in Other Usage
‎07-23-2023 07:47 AM
‎07-23-2023 07:47 AM
I don't want it to run every 10 minutes, I want the search to run every 5 minutes, but throttle for 10 minutes if the alert condition is met, and an alert is triggered. ... View more

Alert Throttle Not Working

by in Other Usage
‎07-23-2023 07:39 AM
‎07-23-2023 07:39 AM
Hi folks, I have a very simple alert set up that triggers if the number of results is greater than 0. I'd like to throttle the alert from triggering again for a specified time period, but the throttle seems to be ignored. Search: index=sample host=example_host Schedule: Cron - */5 * * * * Trigger: Number of Results > 0 Trigger Once Throttle: Suppress triggering for 10 minutes. Action: Send email. The alert triggers with no problem; however, rather than throttling for 10 minutes, the alert gets triggered again after 5 minutes if the condition is met. It's a simple search where the trigger condition is there being any results at all. What am I doing wrong here? Any help would be greatly appreciated! ... View more

Re: Can I create a search parameter that maps to m...

by in Splunk Search
‎06-08-2022 10:59 AM
‎06-08-2022 10:59 AM
I think this would work; however, after reading through some of the eventtype documentation, search macros were suggested if I was looking to shorten a search. So I was able to create what I needed using search macros, but I believe your suggestion would also work 🙂 Thank you! ... View more

Can I create a search parameter that maps to multi...

by in Splunk Search
‎06-08-2022 09:07 AM
‎06-08-2022 09:07 AM
For context, I'm creating a dashboard where a user can search activity of all hosts in an environment or one host in that same environment. Unfortunately, the naming convention used for hostnames makes searching all hosts in a specific environment a bit more complicated than using a single field/value pair with a wildcard. For example, searching all non-production hosts would require a search similar to the following in my case:   index=servers host!="*prd*" AND (host="*30*" OR host="*40*")   In the dashboard, I'd like the user to be able to select a single hostname from a dropdown, or an "All Servers" option from the dropdown. With that being said, is there a way I can map all the hostnames to a single "field value" such that something like...   index=servers host=allhosts    ...would accomplish the same thing as my initial search example? This would be helpful as it would allow me to use a token for the host field when a user selects an option from the hosts dropdown. ... View more
Labels

Re: Filter Email Address Country of Origin Using L...

by in Splunk Search
‎07-14-2020 09:04 AM
‎07-14-2020 09:04 AM
@anilchaithu This works great! Thank you so much. ... View more

Filter Email Address Country of Origin Using Looku...

by in Splunk Search
‎07-14-2020 08:46 AM
‎07-14-2020 08:46 AM
Assume I have a simple search that lists in a table the email addresses of those who recently sent an email: index=email | table sender  The email index does not have a field that identifies the country the sender address is from; however, it is known that the listed sender addresses are from many different countries. If I have a lookup that contains all the email addresses located in the US using the format: email country address1@mail.com US address2@mail.com US ...  How can I filter my search results to only contain sender email addresses from those located in the US (based off of the lookup), while also adding a field to the table that shows US? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-06-2023 09:32 AM
Karma given to
View All