Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Alert not getting triggered with cron schedule

praddasg
Path Finder
‎03-06-2020 06:03 AM

Hello All,

I have configured an alert with earliest=-24h and head 3000 and i can see from search there are lot of results are populating but I am no alerts are getting generated. Alert threshold is greater than 2 and results populating are 77
I have integrated the alert with splunk. At first I thought it might the integration is broken but I am verifying from here activity->triggered alerts but i do not see anything
https://share.getcloudapp.com/kpuYKLmd

I am not sure if this due to the cron and other settings, so here it is
https://share.getcloudapp.com/o0uD6gyX

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎03-06-2020 08:18 AM

You need to add alert action "Add to Triggered Alerts" to your alert then it'll appear in Activity->Triggered Alerts with severity set in alert action.

View solution in original post

Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎03-06-2020 08:18 AM

You need to add alert action "Add to Triggered Alerts" to your alert then it'll appear in Activity->Triggered Alerts with severity set in alert action.

Reply
Solved! Jump to solution

praddasg
Path Finder
‎03-06-2020 08:43 AM

It seems the splunk integration was broken because I did not include some text in the message section. All sorted and thanks for your help

0 Karma
Reply
Solved! Jump to solution

praddasg
Path Finder
‎03-06-2020 07:22 AM

although I am using earliest but i still changed the time range from alert configuration to 2 mins (earlier it was 12 hours) still no luck

0 Karma
Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎03-06-2020 08:37 AM

What alert actions do you have tied to the alert? How sure are you that it fired but you did not notice? Have you checked the internal logs to verify if it fired?

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...