https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582299#M13428 <P>How would that be practically different than what I've already tried, which is 6:15 looking back 8 minutes?&nbsp; The file always arrives at XX:10:05</P> Mon, 24 Jan 2022 17:37:01 GMT adzg 2022-01-24T17:37:01Z https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582289#M13426 <P>I have an alert that runs every 10 minutes from 6am-3pm PST.&nbsp; It checks to see if a file has arrived within the last few minutes (file arrives at 6:10, check for file at 6:12 with 4 minute timeframe).&nbsp;</P><P>The problem is that every day, I get 1-3 false positive alerts.&nbsp; I get an email saying that a file didn't arrive on time but when I go to perform the exact search with the hardcoded timeframe in question, the file did arrive on time.&nbsp;</P><P>Anyone ever run into this problem? Is this an issue with the alert scheduler?&nbsp; I tried moving the alert back to give the file time to process in the system (file arrives at 6:10, check for file at 6:15 with 8 minute timeframe) but to no avail.</P> Mon, 24 Jan 2022 17:08:27 GMT https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582289#M13426 adzg 2022-01-24T17:08:27Z https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582297#M13427 <P>set it up at 6: 15 and let it check for last 10 min</P> Mon, 24 Jan 2022 17:33:57 GMT https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582297#M13427 SinghK 2022-01-24T17:33:57Z https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582299#M13428 <P>How would that be practically different than what I've already tried, which is 6:15 looking back 8 minutes?&nbsp; The file always arrives at XX:10:05</P> Mon, 24 Jan 2022 17:37:01 GMT https://community.splunk.com/t5/Alerting/Splunk-Alert-False-Positives/m-p/582299#M13428 adzg 2022-01-24T17:37:01Z