
How to set up splunk alert for successful zone transfers?

Techie
Posts: 3
2714     0

Hello,

 

I am not super new to the community but I have found a lot of useful information which helped me. And I wanted to know if it is possible to configure a custom alert in reporting for successful zone transfers for all members? So for every successful xfer I would get an alert. Please advise.

 

Thanks,

 

-D

Re: How to set up splunk alert for successful zone transfers?

Member
Posts: 2
2715     0

You need to schedule the matching search to run every five minutes.

The Splunk search would be like this: base search | stats count by respecfield | where count > 0. You can set the trigger condition to send an email if the results are larger than zero.

Splunk runs the search every five minutes as usual, but only notifies you once the result count is bigger than the condition given.

 

Let me know if this helps or not.


Re: How to set up splunk alert for successful zone transfers?

Techie
Posts: 3
2715     0

Thank you!

 

I was able to figure it out! Yay. I had to make sure Syslog messages are getting reported to the reporting server. Then, after letting it run for a bit, I searched for xfer messages. After finding what I was looking for (for example messages with "transfer completed"), I built a custom alert based on specific criteria off of the syslog message. I tested it and so far it works like a charm.

 

-D
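
The logic described in this thread (match the completed-transfer syslog message, count by field, alert when a five-minute run returns a count above zero), as an added Python example that is not from any poster or from Infoblox. The log lines are constructed, and the message layout is an assumption based on the usual BIND incoming-transfer message; check it against what your own members send.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not from the thread). The third line is a failed
# transfer and must not raise an alert.
SAMPLE = """\
2024-05-01T10:01:12 ns1.example.net named[2211]: transfer of 'corp.example/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 42 records, 1890 bytes, 0.003 secs (630000 bytes/sec)
2024-05-01T10:02:40 ns2.example.net named[1987]: transfer of 'corp.example/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 42 records, 1890 bytes, 0.002 secs (945000 bytes/sec)
2024-05-01T10:03:05 ns2.example.net named[1987]: transfer of 'lab.example/IN' from 192.0.2.10#53: failed while receiving responses: REFUSED
2024-05-01T10:07:51 ns1.example.net named[2211]: transfer of 'lab.example/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 9 records, 410 bytes, 0.001 secs (410000 bytes/sec)
"""

# Assumed layout: "<timestamp> <member> named[pid]: transfer of '<zone>/IN' from <ip>#<port>: Transfer completed"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<member>\S+) named\[\d+\]: transfer of '(?P<zone>[^'/]+)/IN' "
    r"from (?P<primary>[0-9a-fA-F.:]+)#\d+: Transfer completed", re.IGNORECASE)

def window_start(ts, minutes=5):
    """Round a timestamp down to the start of its scheduling window."""
    t = datetime.fromisoformat(ts)
    return t.replace(minute=t.minute - t.minute % minutes, second=0)

def completed_transfers(text, minutes=5):
    """Equivalent of 'stats count by ...': count per (window, member, zone)."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counts[(window_start(m["ts"], minutes), m["member"], m["zone"])] += 1
    return counts

def alerts(text, minutes=5):
    """Equivalent of 'where count > 0': one alert row per non-empty group."""
    return [f"{w:%H:%M} {member} {zone} count={n}"
            for (w, member, zone), n in sorted(completed_transfers(text, minutes).items())
            if n > 0]

if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE)))
```

Grouping by member and zone keeps one row per transfer target, so the alert body shows which member pulled which zone rather than a single total.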
