https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59944#M813 <P>my understanding of throttling is that it's not the same as alerting once per event.</P> <P>eg, if i have throttling set to no more than once per minute,<BR /> and an event occurs twice, in two consecutive seconds,<BR /> i want to get exactly two alerts.</P> <P>i'm still looking for an answer to the poster's question.</P> Wed, 30 Nov 2011 21:05:11 GMT elenzil 2011-11-30T21:05:11Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59941#M810 <P>Hello,</P> <P>I was wondering how I can make Splunk notify me of an alert in real time only once. For example, if I'm running a real time search for when a firewall is turned off, how do I keep Splunk from alerting me for the same results repeatedly (which looks like it happens 3 to 4 times a minute)?</P> <P>Thanks</P> Thu, 18 Aug 2011 05:29:42 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59941#M810 samiomer 2011-08-18T05:29:42Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59942#M811 <P>hi samiomer</P> <P>Alert throttling can be setup like written <A href="http://docs.splunk.com/Documentation/Splunk/4.2.3/ReleaseNotes/Alertthrottlingandexpiration">in the docs</A> or for pre 4.2 splunk with the app <A href="http://splunk-base.splunk.com/apps/22379/alertthrottle">alert throttle</A>.</P> <P>regards</P> Thu, 18 Aug 2011 06:27:02 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59942#M811 MuS 2011-08-18T06:27:02Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59943#M812 <P>Thanks. That helped <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 18 Aug 2011 13:44:39 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59943#M812 samiomer 2011-08-18T13:44:39Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59944#M813 <P>my understanding of throttling is that it's not the same as alerting once per event.</P> <P>eg, if i have throttling set to no more than once per minute,<BR /> and an event occurs twice, in two consecutive seconds,<BR /> i want to get exactly two alerts.</P> <P>i'm still looking for an answer to the poster's question.</P> Wed, 30 Nov 2011 21:05:11 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59944#M813 elenzil 2011-11-30T21:05:11Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59945#M814 <P>Only 4.3 supports "once per event".<BR /> Anyone found a fully working work-around for 4.2.2?</P> Mon, 05 Mar 2012 10:49:40 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59945#M814 tommasog 2012-03-05T10:49:40Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59946#M815 <P>rpm -Uvh splunk-4.3-115073-linux-2.6-x86_64.rpm</P> <P><span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>There are a few performance and security issues that are solved as well when upgrading.</P> <P>/k</P> Mon, 05 Mar 2012 12:40:14 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59946#M815 kristian_kolb 2012-03-05T12:40:14Z https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59947#M816 <P>Did this ever get resolved? I'm looking for this same thing now, 7 years later... Is this built in?</P> Wed, 18 Jul 2018 19:34:06 GMT https://community.splunk.com/t5/Alerting/Trigger-real-time-alert-once/m-p/59947#M816 dijikul 2018-07-18T19:34:06Z