https://community.splunk.com/t5/Security/security-violation-error/m-p/251472#M14915 <P>Yes, it is possible. If you can search for it, you can alert on it. Once you've produced a search that finds the event(s) of interest, schedule it to run at some interval - every 15 minutes, for example. Then choose an alert trigger. I've found <CODE>if number of events</CODE> <CODE>is equal to</CODE> <CODE>0</CODE> works best for my searches. Mark the <CODE>Send email</CODE> box and fill in the addresses to which to send the alert.</P> Fri, 26 Aug 2016 13:26:52 GMT richgalloway 2016-08-26T13:26:52Z https://community.splunk.com/t5/Security/security-violation-error/m-p/251471#M14914 <P>Hello,</P> <P>is there anyway i can genrate alert and send mail from splunk .<BR /> for eg:- if there is an security-violation error on a particular switch like err-disable state if someone tried to connect a switch or router on a access port.</P> <P>or </P> <P>if a stack one of the switch went down splunk should send me an alert via email to my network team.</P> <P>is it possible ?</P> Fri, 26 Aug 2016 12:37:54 GMT https://community.splunk.com/t5/Security/security-violation-error/m-p/251471#M14914 vineeth10 2016-08-26T12:37:54Z https://community.splunk.com/t5/Security/security-violation-error/m-p/251472#M14915 <P>Yes, it is possible. If you can search for it, you can alert on it. Once you've produced a search that finds the event(s) of interest, schedule it to run at some interval - every 15 minutes, for example. Then choose an alert trigger. I've found <CODE>if number of events</CODE> <CODE>is equal to</CODE> <CODE>0</CODE> works best for my searches. Mark the <CODE>Send email</CODE> box and fill in the addresses to which to send the alert.</P> Fri, 26 Aug 2016 13:26:52 GMT https://community.splunk.com/t5/Security/security-violation-error/m-p/251472#M14915 richgalloway 2016-08-26T13:26:52Z