bucket 1 -> Last 30 mins (say 10.30 AM to 11 AM)
bucket 2 -> Get avg count of events for the same time period for the last 7 days (10.30 AM to 11 AM)
Compare bucket 1 and bucket 2. If bucket 1 is 50% less than bucket 2, then send me an alert email.
I am trying to get the number of URL hits, and if it's substantially less than the avg of the last 7 days for the same time period, I need to be notified. How can I achieve this in Splunk?
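
One way to express this comparison in SPL, as an added example that is not part of the original post. your_index and your_sourcetype are placeholders, days_ago 0 is the last 30 minutes and 1 to 7 are the same 30-minute window on the previous seven days, and a day with no events in that window counts as zero toward the average:

```spl
index=your_index sourcetype=your_sourcetype earliest=-8d latest=now
| eval age = now() - _time
| eval days_ago = floor(age / 86400)
| where age >= 0 AND (age % 86400) < 1800
| stats count BY days_ago
| stats sum(eval(if(days_ago == 0, count, 0))) AS current_hits
        sum(eval(if(days_ago >= 1, count, 0))) AS prior_hits
| eval avg_hits = prior_hits / 7
| where current_hits < 0.5 * avg_hits
```

Saved as a scheduled alert that triggers when the number of results is greater than zero, with an email action, the search returns a row (and so sends the email) only when the current window is below half of the 7-day average.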