Hi,

I want to setup an alert on my search given below:-

index="foo" source="/servers/logs/access.log" | rex "\"(?<ConsumerIP>[^\"]+)\"\s+(?<RequestTime>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})\s(?<HttpMethod>[^\s]+)\s(?<EndpointURI>[^\s]+)\s(?<ResponseCode>\d+)\s(?<ServerInfo>[^\s]+)\s(?<GatewayIP>[^\s]+)\s(?<Ecid>[^\s]+)\s(?<ResponseTime>.+)" | stats count as TotalHits by EndpointURI

Alert Settings:-

Alert: DOH-PersonProfile Alert
Description:Optional
Alert type: Scheduled
Run on Cron Schedule
Time Range: Last 1 day
Cron Expression: */5 * * * *
Trigger Conditions
Trigger alert when Custom search count>1000
Trigger: Once

Trigger Actions
When triggered
Send emai To abc@company.com
Priority: High
Subject: Splunk Alert: $result.TotalHits$
Total number of requests received are : $requests.TotalHits$
Type: HTML & Plain Text

Why is not the alert working? Could anyone help me with this?