I called all the errors and created a lookup table. I am thinking of creating a job which will take the last 5 minutes of errors and compare them with the errors in the lookup table; if they don't match, it will trigger an alert (meaning it finds a new error relative to the existing ones).
Can we do this via a Splunk query? If so, can you please share a sample query?
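
One way to express the comparison described in the question, as an added example that is not part of the original post. The index `app_logs`, the fields `log_level` and `error_message`, and the lookup file `known_errors.csv` (with a single `error_message` column) are assumed names; substitute your own.

```spl
index=app_logs log_level=ERROR earliest=-5m@m latest=@m
| stats count AS occurrences, min(_time) AS first_seen BY error_message
| lookup known_errors.csv error_message OUTPUT error_message AS known_error
| where isnull(known_error)
| convert ctime(first_seen)
| table first_seen error_message occurrences
```

Saved as a scheduled search that runs every 5 minutes with the alert condition "number of results greater than 0", this fires only for error messages absent from the lookup. The match is exact, so if messages embed variable parts such as IDs or timestamps, extract or normalize a stable field before comparing.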