splunksplunk-query
What search terms should I use when creating alert that is triggered when there are no logs coming from service in Splunk?
I want to trigger an alert when there are no logs coming from our services in Splunk but not sure how to do that.
I can search our logs using this [| inputlookup app | search app=app_name env=prod service=app_name] where app is the csv lookup table with app, env, and service properties that provide lookup values for our search.
One other thing to note is I have access to the sourcetype or the source where
sourcetype=kube:container:app_name_env
source=*k8s_app_name_env_*
But again, not sure what search query I should create the alert based on. I know how to create alerts in splunk but not sure how to trigger it if there are no logs coming from the source above. Any suggestions? Thanks!
Solution
In the Alert actions, have it send a message when there are no results:
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?