Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Scalable alerting

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6

Scalable alerting

Advanced conditional alerting

This feature allows users to specify more complex conditions for triggering alerts. In previous versions of Splunk, users were limited to setting alerting conditions based on the number of events, sources, and hosts that appeared in a result set. Now, for any result set, a user can specify a search as a condition. If that search returns one or more events (ie true), an alert containing the original result set would be triggered.

Learn more about advanced conditional alerting in the Admin Manual.

Alerts over large data sets

This feature includes Splunk's ability to run alerts concurrently and over larger datasets. This is an extension of Splunk's Analyze large datasets feature.

Splunk's back-end processing and handling of alerts has been improved substantially, allowing users to run alerts concurrently (in previous versions they were run serially).

Benefits

  • Run alerts over larger datasets and with more frequency compared to previous versions of Splunk
  • Users can create more specific conditions for triggering an alert, reducing the number of missed or false positive alerts
  • Conditions to alert can now involved complex calculations on the data set without changing the content of the alert itself
Retrieved from "http://www.splunk.com/base/Documentation/4.0.6/ReleaseNotes/Scalablealerting"
Revision: 207 | Contact | Privacy Policy | Terms of Use | Community content licensed under Creative Commons

Copyright © 2005-2009 Splunk Inc. All rights reserved.