Splunk Apps » Website Monitoring

h1. Email Alerting

You can setup email alerting in Splunk such that you get notified when sites respond slowly or post errors.

h2. Splunk Configuration

You will need to configure Splunk to work with an email server. To set this up, go the Splunk Manager at Server settings » Email settings.

h2. Configuring the Search

The app includes a search named "website_performance_problems" that works well for email alerting. To configure it for email alerting, open the "website_performance_problems" search in the Manager (Manager » "Searches, reports, and alerts"). Click the checkbox next to "Send email" alert action to enable it and complete the information necessary to use the alert action.

h2. Customizing Response Time Threshold

You may want to change the threshold that is used to determine if a site has been down too long. To do so, edit the "response_time_threshold" macro. You can change the macro in the Manager by going to "Advanced search" » "Search macros" and editing the "response_time_threshold" macro.

h2. Filtering Out Sites

You may want not want to receive email notifications for some sites. To filter these sites out, add a where clause to the "website_performance_problems" search just after the first search part. Below is an example of a search using where clauses to filter out some sites:

<pre>

sourcetype="web_ping" (response_code>=400 OR timed_out=True) OR (total_time>`response_time_threshold` NOT (title="LukeMurphey.net") ) | where NOT like(url,"%splunk.com%") | fillnull response_code value="Connection failed" | eval response_code=if(timed_out == "True", "Connection timed out", response_code) | stats count as count max(total_time) as max_total_time by title url response_code | eval max_total_time=round(max_total_time, 2)." ms"

</pre>