Set up your first alert in Splunk by using the same search used on the dashboard panel.
- [Instructor] Now that we've looked at some of the theory, let's try setting up a simple alert. First we'll start in the Search and Reporting app. Let's do a 404 search. I'm gonna do sourcetype=access_combined and AND 404. And I'm also gonna limit this to just a one hour window. And click search. This looks like the data I'm looking for.
So let me go up to Save As and select Alert. I'm gonna call this Critical 404s and we're gonna come up with a threshold where the number of 404s we think is critical. If we look at some of the options in the alert here, you see we've got an interesting choice to make. We can either make this a scheduled alert or a real-time alert. Let's try scheduled and explore the options there. I'm going to say run every hour.
Zero minutes past the hour is fine. And we wanna set the alert condition, so let's say a thousand 404s is when we think it's critical. So once the number of results reaches a thousand, we wanna send off this alert. We don't wanna say for each result because that means if it reached a thousand,…
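
The same alert expressed as a savedsearches.conf stanza, which is what Save As > Alert writes behind the UI. This is an added example, not part of the course transcript; the file location, the "greater than" relation, and the tracking action are assumptions, since the excerpt ends before the trigger actions are chosen.

```ini
# $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf
# (location assumed: the Search & Reporting app)
[Critical 404s]
# Same search as typed in the search bar. A bare 404 also matches that number
# anywhere in the event (byte counts, URLs); status=404 is the stricter form.
search = sourcetype=access_combined AND 404
# One-hour window, as in the search above.
dispatch.earliest_time = -1h
dispatch.latest_time = now
# Scheduled rather than real-time: run every hour at zero minutes past.
enableSched = 1
cron_schedule = 0 * * * *
# Trigger condition: number of results compared with the threshold.
# (Assumed relation; use 999 if the alert must fire at exactly 1000.)
counttype = number of events
relation = greater than
quantity = 1000
# Trigger once per scheduled run, not once for each result.
alert.digest_mode = 1
# Assumed action: list the alert under Triggered Alerts.
alert.track = 1
```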
- Installing Splunk
- Filtering search data
- Advanced search syntax
- Creating reports and dashboards
- Creating alerts and actions
- Configuring remote data and multiple data streams
Skill Level Beginner