Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

Can i display the search condition that was met

$
0
0
If i have a single alert search with multiple conditions that looks something like this: index=X condition1 OR condition2 OR (condition3 AND subcondition1) OR condition4 OR condition5 OR (condition6 AND subcondition2) Is there a way to display the actual conditional statement that was met without creating a separate alert for each condition? In other words does Splunk set some internal variable that holds the triggered condition (for example - "(condition3 AND subcondition1)") that is accessible to display in an email or notable event?

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>