Splunk is monitoring a file every 11 minutes.
An alert was created to receive an email for each event that matches.

Follow the alert's setting:

Alert type
Scheduled
Run on cron schedule
earliest: -11m@m
latest: -1s@s
cron expression: */11 * * * *

Trigger condition
Trigger alert when "Number os results" is greater than 0 results
Trigger: "for each result"

I don't know why, but I am receiving only one mail. In my case, two events matched.
Is the setup right?

Obs; The Throttle feature is not checked

Best regards,
Lopes.