How to set up splunk alert for successful zone transfers?

dmitriy_17
Techie
Posts: 3
435     0

Hello,

I am not super new to the community, but I have found a lot of useful information which helped me. And I wanted to know if it is possible to configure a custom alert in reporting for successful zone transfers for all members? So for every successful xfer I would get an alert. Please advise.

Thanks,

-D

Re: How to set up splunk alert for successful zone transfers?

StephenKery
Techie
Posts: 2
436     0

You need to schedule the matching search to run every five minutes.

The Splunk search would be like this: base search | stats count by respecfield | where count > 0, and you can set the trigger condition to send an email if the results are greater than zero.

Splunk runs the search every five minutes as usual, but only notifies you when the result count is bigger than the condition given.

Let me know if this helps or not.

Re: How to set up splunk alert for successful zone transfers?

dmitriy_17
Techie
Posts: 3
436     0

Thank you!

I was able to figure it out! Yay. I had to make sure Syslog messages are getting reported to the reporting server. Then, after letting it run for a bit, I searched for xfer messages. After finding what I was looking for (for example, messages with "transfer completed"), I built a custom alert based on specific criteria off of the syslog message. I tested it and so far it works like a charm.

-D
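
The alert this thread arrives at, written out as a Splunk savedsearches.conf stanza. This is an added example, not something either participant posted: the stanza name, the index placeholder and the e-mail address are assumptions, and the match string is the one quoted in the last post.

```ini
# savedsearches.conf (added example; stanza name, index and address are placeholders)
[Successful DNS zone transfer]

# Match the syslog text found in the thread. Splunk term matching is
# case-insensitive, so differently capitalised variants match as well.
# One result row per reporting host, with a sample message for context.
search = index=<your_syslog_index> "transfer completed" | stats count latest(_raw) AS sample BY host | where count > 0

# Run every five minutes over the previous five whole minutes, so that
# consecutive windows neither overlap (duplicate alerts) nor leave gaps
# (missed transfers).
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = @m

# Trigger only when the search returns more than zero results.
counttype = number of events
relation = greater than
quantity = 0

# Send an e-mail with the result rows inline and list the alert
# under triggered alerts.
action.email = 1
action.email.to = dns-admins@example.com
action.email.subject = Zone transfer completed on $result.host$
action.email.inline = 1
action.email.format = table
alert.track = 1
```

If syslog messages reach the reporting server with some delay, shift both dispatch times back by the same amount so late events still fall inside a window.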
