Hi everyone.
Does anyone have any idea on how to use conditional statements within a search query?
My problem statement wants me to create an alert, as soon as the number of events in the past hour becomes less than (20% less than) the average number of events in the past 20 hours. As of now, I have a query to parse my log data which displays the number of events.
PS: I'm pretty new to Splunk and still learning the basics. It would be great if anyone could help me with this issue. Thanks!
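One way to express this as a single search, added here as an example rather than taken from the post above: bucket the events per hour, mark the newest bucket as "current" and the rest as "baseline" with `eval if()`, aggregate the two groups, and keep the row only when the current hour falls below 80% of the baseline average. The index and sourcetype are placeholders; the time window uses completed hours (`earliest=-21h@h latest=@h`) so the comparison is 1 full hour against the 20 full hours before it.

```spl
index=app sourcetype=access_combined earliest=-21h@h latest=@h
| timechart span=1h count
| eventstats max(_time) as latest_hour
| eval period=if(_time=latest_hour, "current", "baseline")
| stats sum(eval(if(period="current", count, 0))) as current_count
        avg(eval(if(period="baseline", count, null()))) as baseline_avg
| eval threshold=round(0.8*baseline_avg, 0)
| eval drop_pct=round(100*(1-current_count/baseline_avg), 1)
| where current_count < threshold
```

`timechart` is used instead of `stats count by _time` so that an hour with zero events still appears as a 0 bucket rather than disappearing from the baseline, which would otherwise inflate the average. Saved as an alert with an hourly cron schedule and the trigger condition "number of results is greater than 0", the search fires only when the drop is real, and `drop_pct` in the result row shows how far below the average the hour landed.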