Hi everyone,
I'm trying to set up an alert for daily license usage and notify me when it reaches a certain threshold.
| rest splunk_server=shaklee-splunk-enterprise /services/licenser/pools | rename title AS Pool | search [rest splunk_server=shaklee-splunk-enterprise /services/licenser/groups | search is_active=1 | eval stack_id=stack_ids | fields stack_id] | eval quota=if(isnull(effective_quota),quota,effective_quota) | eval percentage=round(used_bytes/quota*100,2) | where percentage >= 8 | fields percentage
This is my query for when the pool reaches 8%. The search works and pulls the integer out for me but the problem is the alert will not trigger when I set it for cron to scan every second and trigger when number of results is greater than 1.
Any ideas?
Thanks,
Ryan
↧