I have Splunk Light (currently being upgraded to Enterprise but won't be for a while). I have 6 alert triggers written. But only the first 5 active ones work. If I make the first one I created not active, resave the 6th one, it then works.
So it seems Splunk Light may only allow 5 active trigger alerts, but I can't find this written anywhere. Am I right, or do I have a different problem?
Thanks for your reply, but this is not on a search.
Alerts are triggered based upon a constant monitoring of the inbound data to match a string. I have so little data coming in that there is hardly any data at all in this environment.
I have set up 5 working Alert triggers, each when matched adds an alert, writes what it finds to a text file, then calls an external script. The 5 I have work fine. Then I add a 6th Alert Trigger and it does not trigger, but if I delete any of the other 5 the new one I have written starts to work. This has made me think that Splunk Light (not SplunkCloud) has some limitation but nobody seems to know if that is correct. I can see no errors in the log at all.