Hi - I have been looking around for a way to do this, I'm not sure if it even exists.
Basically, I'm looking to see if there is a way to have Splunk send email alerts based on historical trend data.
For example, my current search is the following:
index=ui "webui03" "production_in_one_line.log" "Services::UploadController" | timechart avg(duration) as avg| where avg >=2800
** Search above checks the log file and outputs the latency number on the "duration" field, when I only display avg duration greater or equal than 2800ms.
Is there a way to include a historical trend option to monitor the log history and check for abnormal latency spikes? The reason why I'm looking to accomplish this is to avoid defining a threshold when creating the email alert in Splunk.
Any advice? Thanks.
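One way to replace the fixed 2800ms threshold with a trailing baseline, as an added example that is not part of the original post: the search below buckets the same data into 5-minute averages, uses `streamstats` to compute the mean and standard deviation of the previous 288 buckets (about 24 hours) for each row, and keeps only buckets whose average sits more than three standard deviations above that baseline. The index, source terms and `duration` field are taken from the question; the 5-minute span, 288-bucket window and z-score cutoff of 3 are assumptions to tune for your traffic.

```spl
index=ui "webui03" "production_in_one_line.log" "Services::UploadController"
| timechart span=5m avg(duration) AS avg_duration
| streamstats window=288 current=f avg(avg_duration) AS baseline_avg stdev(avg_duration) AS baseline_stdev
| eval zscore = if(isnotnull(baseline_stdev) AND baseline_stdev > 0, (avg_duration - baseline_avg) / baseline_stdev, null())
| where zscore > 3 AND avg_duration > 0
| eval alert_reason = "avg latency " . round(avg_duration, 0) . "ms is " . round(zscore, 1) . " stdevs above the trailing 24h baseline of " . round(baseline_avg, 0) . "ms"
| table _time avg_duration baseline_avg baseline_stdev zscore alert_reason
```

Schedule it with a time range that covers the baseline plus the bucket being judged (for example the last 30 hours, run every 5 minutes) and set the alert to trigger when the number of results is greater than 0; `current=f` keeps the bucket under test out of its own baseline, and the `baseline_stdev > 0` guard stops a flat history from dividing by zero and flagging every row.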