https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376166#M94643 <P>Hi @jodyfsu,</P> <P>Thanks for you help. I wanted that kind of configuration. Now it's working fine.</P> <P>But now I'm stuck in it's next step.</P> <P>Whenever Splunk found any error, it's create a report in pdf format and send a mail notification.</P> <P>So, suppose today I got four error alerts on different time. So in the first mail contain the first error with pdf but from the second mail alert I got the first error+the new error(second alert) , then in the third mail alert in the pdf I got first error+second error+new error(third error). It made more complicated to understand what is actually real time error, just because it contains previous errors. </P> <P>My Real -time alert settings :</P> <P>Alert Type : Real-Time</P> <P>Trigger Conditions: <BR /> Trigger alert when : Per-Result<BR /> Throttle : Checked<BR /> Suppress results containing field value : *<BR /> Suppress triggering for : 24 hour(s)</P> <P>Please help me on this matter.<BR /> If you have any links for this issue, please attach the link.</P> <P>Thanks, @saibal6</P> Mon, 11 Jun 2018 13:53:50 GMT saibal6 2018-06-11T13:53:50Z https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376164#M94641 <P>I have configured an alert notification on real-time issue and it's working. But I have facing a problem, that any new issue is appear wherever it has only single line error. I got multiple mail notification where the mail time differences was only for 4 seconds means I got 12mails in just one minute for the same single line error. </P> <P>Where I want only single mail notification on single line real time error.<BR /> can anyone suggest/help me on this matter? </P> Thu, 07 Jun 2018 11:15:54 GMT https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376164#M94641 saibal6 2018-06-07T11:15:54Z https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376165#M94642 <P>When you configure the Alert you can select "Throttle" and then you can say how long to not notify you.</P> <P><span class="lia-inline-image-display-wrapper" image-alt="Throttle"><img src="https://community.splunk.com/t5/image/serverpage/image-id/5177i5EC666CB19459B4D/image-size/large?v=v2&amp;px=999" role="button" title="Throttle" alt="Throttle" /></span></P> <P>Hope this helps. Let us know if you need more.</P> Thu, 07 Jun 2018 13:49:36 GMT https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376165#M94642 jodyfsu 2018-06-07T13:49:36Z https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376166#M94643 <P>Hi @jodyfsu,</P> <P>Thanks for you help. I wanted that kind of configuration. Now it's working fine.</P> <P>But now I'm stuck in it's next step.</P> <P>Whenever Splunk found any error, it's create a report in pdf format and send a mail notification.</P> <P>So, suppose today I got four error alerts on different time. So in the first mail contain the first error with pdf but from the second mail alert I got the first error+the new error(second alert) , then in the third mail alert in the pdf I got first error+second error+new error(third error). It made more complicated to understand what is actually real time error, just because it contains previous errors. </P> <P>My Real -time alert settings :</P> <P>Alert Type : Real-Time</P> <P>Trigger Conditions: <BR /> Trigger alert when : Per-Result<BR /> Throttle : Checked<BR /> Suppress results containing field value : *<BR /> Suppress triggering for : 24 hour(s)</P> <P>Please help me on this matter.<BR /> If you have any links for this issue, please attach the link.</P> <P>Thanks, @saibal6</P> Mon, 11 Jun 2018 13:53:50 GMT https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376166#M94643 saibal6 2018-06-11T13:53:50Z https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376167#M94644 <P>Ah, I would change the search time to be only last 60 minutes or few hours. Like you are seeing, since you are looking back 24 hours it is going to return any other alerts triggered in the last 24 hours. </P> Mon, 11 Jun 2018 14:00:50 GMT https://community.splunk.com/t5/Getting-Data-In/Configured-real-time-issue-alert-and-got-multiple-mails-for/m-p/376167#M94644 jodyfsu 2018-06-11T14:00:50Z