<ul><li>Step 1: Write a Query to Monitor Multiple Sources</li><li>Identify the log sources you want to monitor. Create a Splunk search query that checks for events from those sources within a specific timeframe.</li><li>Step 2: Create an Alert</li><li>In Splunk, go to Settings > Searches, reports, and alerts. Configure a new alert with the search query from step 1 and set it to run on a schedule. Trigger the alert when the number of results (sources with zero logs) is greater than 0.</li></ul>

Splunk: How to Write a Query to Monitor Multiple Sources and Send Alert if they Stop Coming

Discover more