Notify when server load reaches a threshold using Splunk Light
Configure Splunk Light to notify you when a server's load reaches a predefined threshold, such as 80%.
Part 1: Run the search
The following search retrieves events with load averages above 80% and calculates the maximum value for each host.
sourcetype=top load_avg>80 | stats max(load_avg) by host
Part 2: Configure an alert
Save the search as an alert and configure the alert condition and alert actions as follows.
- Alert condition: Alert if the search returns at least one result.
- Alert actions: Email and set subject to "Server load above 80%."
- Suppress: 1 hour.
1. After you run the search, click Save as and select Alert.
2. In the Save As Alert dialog box, enter a Title and (Optional) Description.
3. Next to Alert Type, select Real Time.
4. Next to Trigger condition, select Per-Result.
5. Click Next.
6. Under Enable Actions, select Send Email.
6a. Next to To, enter the email recipients.
6b. (Optional) Change the Priority level for this alert.
6c. Next to Subject, enter "Server load above 80%."
6d. (Optional) Enter a Message to include with the email.
6e. Next to Include, select Inline and choose Raw to include the event that triggered the alert in the email.
7. Under Action Options, select Throttle.
7a. Next to Suppress triggering for, enter 1 and select hour(s).
8. Click Save.
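To estimate how many emails this configuration would send before you enable it, the following added example (not part of the Splunk documentation) models the search and the 1-hour throttle in Python over constructed events. The page does not say whether suppression applies per host or to the whole alert, so the `per_host` switch, the sample events and all function names are assumptions of this example.

```python
from datetime import datetime, timedelta

THRESHOLD = 80                 # from the search: load_avg>80
SUPPRESS = timedelta(hours=1)  # from the alert: Suppress 1 hour

# Constructed sample events (host, timestamp, load_avg); not real data.
EVENTS = [
    ("web01", "2024-01-01 10:00", 85),
    ("web01", "2024-01-01 10:20", 92),
    ("db01",  "2024-01-01 10:30", 97),
    ("web02", "2024-01-01 10:40", 42),
    ("web01", "2024-01-01 11:05", 88),
    ("db01",  "2024-01-01 11:10", 60),
]

def parse(events):
    """Turn the timestamp strings into datetime objects."""
    return [(h, datetime.strptime(t, "%Y-%m-%d %H:%M"), v) for h, t, v in events]

def max_load_by_host(events):
    """Model of: load_avg>80 | stats max(load_avg) by host"""
    out = {}
    for host, _, load in parse(events):
        if load > THRESHOLD:
            out[host] = max(out.get(host, load), load)
    return out

def emails_sent(events, per_host):
    """Model of per-result triggering with a suppression window.

    per_host=True keeps one window per host (assumption);
    per_host=False applies a single window to the whole alert (assumption).
    """
    last_sent = {}
    sent = []
    for host, ts, load in sorted(parse(events), key=lambda e: e[1]):
        if load <= THRESHOLD:
            continue  # event does not match the search
        key = host if per_host else "*"
        if key in last_sent and ts - last_sent[key] < SUPPRESS:
            continue  # throttled: still inside the suppression window
        last_sent[key] = ts
        sent.append((host, ts.strftime("%H:%M"), load))
    return sent

if __name__ == "__main__":
    print(max_load_by_host(EVENTS))
    print("alert-wide:", emails_sent(EVENTS, per_host=False))
    print("per host:  ", emails_sent(EVENTS, per_host=True))
```

With an alert-wide window, the constructed `db01` spike at 10:30 produces no email because it falls inside the hour opened by `web01`; check which behavior your alert has before relying on it for every host.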
This documentation applies to the following versions of Splunk® Light (Legacy): 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6