Splunk allows you to create alerts and scheduled reports from the result of a search.
In order to create an alert, you run a search, then select Save As -> Alert.
There are two types of alert.
- Scheduled alerts run the defined search at a defined interval and evaluate the trigger condition when the search completes.
- Real-time alerts run the defined search constantly and evaluate the trigger condition at a defined interval.
Whenever the trigger condition is met, an action is taken. You have many options to choose from when you define a trigger, e.g. Log Event, Send Email, Run a script.
In order to create a scheduled report, you run a search, then select Save As -> Report. After the report is created, click Schedule.
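The same objects that Save As -> Alert and Save As -> Report create can be written directly as savedsearches.conf stanzas, which is also what you review when auditing which alerts exist. The following is an added example, not from the original page: it defines one scheduled alert with a trigger condition, throttling and an email action, and one scheduled report with no trigger condition. The index, field names, stanza names and recipient address are constructed assumptions.

```ini
# savedsearches.conf (e.g. $SPLUNK_HOME/etc/apps/<app>/local/savedsearches.conf)

[Failed logins - scheduled alert]
# Constructed search: index and field names are assumptions for this example
search = index=auth action=failure | stats count by user, src_ip | where count > 10
# Scheduled alert: run every 15 minutes over the previous 15 minutes of data
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
# Trigger condition: fire when the search returns more than 0 results
counttype = number of events
relation = greater than
quantity = 0
# Record firings under Activity > Triggered Alerts; severity 4 = error
alert.track = 1
alert.severity = 4
# Throttle: suppress repeat alerts for the same user for one hour
alert.suppress = 1
alert.suppress.fields = user
alert.suppress.period = 1h
# Action: send email (Log Event and Run a script are other action.* keys)
action.email = 1
action.email.to = soc@example.com
action.email.subject = Splunk alert: $name$

[Daily failed login summary - scheduled report]
search = index=auth action=failure | timechart span=1h count by user
# Scheduled report: runs daily at 06:00 over the previous 24 hours
enableSched = 1
cron_schedule = 0 6 * * *
dispatch.earliest_time = -24h@h
dispatch.latest_time = @h
# No trigger condition; the report simply runs and delivers its results
action.email = 1
action.email.to = soc@example.com
action.email.sendresults = 1
```

The difference between the two stanzas is the trigger condition (counttype/relation/quantity) and alert.track; a scheduled report is a saved search with a schedule but no condition to evaluate.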