https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564626#M12955 <P>I have a scheduled alert running every 15 minutes in the cron schedule.</P><P>I set trigger action as Email, ServiceNow ticket &amp; MS Teams notification.</P><P>Here 80% of the alerts I am receiving successfully. But i am failing to receive the remaining 20% alerts in Email, ServiceNow tickets &amp; MS Teams.</P><P>But when I am running the search I can able to find the result but I didn't receive the same alerts.</P><P>When I search scheduler logs&nbsp; I didn't find any failure logs.</P><P>Please help here.</P> Wed, 25 Aug 2021 04:33:24 GMT alexspunkshell 2021-08-25T04:33:24Z https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564626#M12955 <P>I have a scheduled alert running every 15 minutes in the cron schedule.</P><P>I set trigger action as Email, ServiceNow ticket &amp; MS Teams notification.</P><P>Here 80% of the alerts I am receiving successfully. But i am failing to receive the remaining 20% alerts in Email, ServiceNow tickets &amp; MS Teams.</P><P>But when I am running the search I can able to find the result but I didn't receive the same alerts.</P><P>When I search scheduler logs&nbsp; I didn't find any failure logs.</P><P>Please help here.</P> Wed, 25 Aug 2021 04:33:24 GMT https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564626#M12955 alexspunkshell 2021-08-25T04:33:24Z https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564633#M12956 <P>Hello,</P><P>How is your alert defined? Verify the&nbsp;<STRONG>Trigger Conditions</STRONG> and make sure that these configs are correct.</P><P>You can use the schedule options:&nbsp;<STRONG>Once&nbsp;</STRONG>OR&nbsp;<STRONG>For each result.</STRONG></P><P>If your alert return multiple results and you need to send an action for each result select the&nbsp;<STRONG>For each result&nbsp;</STRONG>option, select&nbsp;<STRONG>Once&nbsp;</STRONG>otherwise.&nbsp;</P><P>You can view the recent results of your scheduled alert on "Settings &gt; Searches, Reports, and Alerts &gt; Filter your alert &gt; click on View Recent" for further troubleshooting.</P><P>&nbsp;</P><P>Thanks.</P> Wed, 25 Aug 2021 05:31:35 GMT https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564633#M12956 danielcj 2021-08-25T05:31:35Z https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564636#M12957 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213178">@danielcj</a>&nbsp;Thanks for your reply.</P><P>How is your alert defined? - Number of results greater than 0</P><P>I see only "status=Done"&nbsp;<SPAN>in&nbsp; View Recent. I didn't see my failed alerts here.</SPAN></P><P><SPAN>Below is the screenshot of the alert.</SPAN></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="alexspunkshell_0-1629870323309.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/15716i436C9AC255BAFA21/image-size/medium?v=v2&amp;px=400" role="button" title="alexspunkshell_0-1629870323309.png" alt="alexspunkshell_0-1629870323309.png" /></span></P><P>&nbsp;</P> Wed, 25 Aug 2021 05:47:53 GMT https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564636#M12957 alexspunkshell 2021-08-25T05:47:53Z https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564643#M12958 <P>Hi</P><P>it seems that you have added Alert Throttling here. This means that it didn't fire again same alert within Suppress triggering for time, which you have 7 days. Can this be the reason for no fire alerts?</P><P>r. Ismo</P><P><A href="https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/ThrottleAlerts" target="_blank">https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/ThrottleAlerts</A></P> Wed, 25 Aug 2021 06:17:45 GMT https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564643#M12958 isoutamo 2021-08-25T06:17:45Z https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564982#M12965 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/214410">@isoutamo</a>&nbsp;I disabled the throttle now. But again the same issue persists.</P><P>When I check the index=_internal &amp; scheduler logs it is showing the status as success. Whereas I didn't receive any alert ServiceNow/Email/MS teams.</P><P>Out of 10 alerts, I am receiving 8 alerts properly. 2 alerts always failing.</P><P>&nbsp;</P> Fri, 27 Aug 2021 07:42:23 GMT https://community.splunk.com/t5/Alerting/Splunk-Alerts-failing-to-Trigger/m-p/564982#M12965 alexspunkshell 2021-08-27T07:42:23Z