Hello All,
I have configured an alert with earliest=-24h and head 3000, and I can see from the search that there are a lot of results populating, but no alerts are getting generated. The alert threshold is greater than 2 and the results populating are 77.
I have integrated the alert with Splunk. At first I thought the integration might be broken, but I am verifying from Activity -> Triggered Alerts
and I do not see anything
https://share.getcloudapp.com/kpuYKLmd
I am not sure if this is due to the cron and other settings, so here it is
https://share.getcloudapp.com/o0uD6gyX
You need to add the alert action "Add to Triggered Alerts" to your alert; then it'll appear in Activity -> Triggered Alerts with the severity set in the alert action.
It seems the Splunk integration was broken because I did not include some text in the message section. All sorted, and thanks for your help.
Although I am using earliest, I still changed the time range in the alert configuration to 2 mins (earlier it was 12 hours); still no luck.
What alert actions do you have tied to the alert? How sure are you that it fired but you did not notice? Have you checked the internal logs to verify if it fired?
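The last reply asks whether the alert actually fired and whether the internal logs have been checked. Splunk's scheduler writes one `SavedSplunker` line per scheduled run to scheduler.log (searchable as `index=_internal sourcetype=scheduler`), with the run status, the result count and the alert actions that ran. The Python below is an added example, not code from the thread or from Splunk: it parses a few constructed lines written in that key=value style (the search name, timestamps, sids and action names are made up), applies the thread's trigger condition ("greater than 2") and reports, per run, whether the alert fired, never ran, did not meet the threshold, or met the threshold with no action attached, which is the situation the "Add to Triggered Alerts" answer fixes.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines modelled on the scheduler.log key=value format
# (index=_internal sourcetype=scheduler). Search name, sids, timestamps and
# the "email" action are placeholders chosen for this example.
SAMPLE_SCHEDULER_LOG = """\
05-20-2021 10:00:03.101 +0000 INFO  SavedSplunker - savedsearch_id="nobody;search;My Alert", search_type="scheduled", user="admin", app="search", savedsearch_name="My Alert", status=success, scheduled_time=1621504800, run_time=1.204, result_count=77, alert_actions="", sid="scheduler__admin__search__RMD5placeholder_at_1621504800", suppressed=0
05-20-2021 10:02:03.221 +0000 INFO  SavedSplunker - savedsearch_id="nobody;search;My Alert", search_type="scheduled", user="admin", app="search", savedsearch_name="My Alert", status=skipped, reason="The maximum number of concurrent historical scheduled searches on this instance has been reached", scheduled_time=1621504920, result_count=0, alert_actions="", suppressed=0
05-20-2021 10:04:03.310 +0000 INFO  SavedSplunker - savedsearch_id="nobody;search;My Alert", search_type="scheduled", user="admin", app="search", savedsearch_name="My Alert", status=success, scheduled_time=1621505040, run_time=1.330, result_count=77, alert_actions="email", sid="scheduler__admin__search__RMD5placeholder_at_1621505040", suppressed=0
05-20-2021 10:06:03.402 +0000 INFO  SavedSplunker - savedsearch_id="nobody;search;My Alert", search_type="scheduled", user="admin", app="search", savedsearch_name="My Alert", status=success, scheduled_time=1621505160, run_time=0.900, result_count=1, alert_actions="", suppressed=0
"""

# key=value pairs; values are either double-quoted (may contain spaces/commas)
# or a bare token that runs up to the next comma or whitespace.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,\s]+)')


def parse_scheduler_line(line: str) -> Optional[Dict[str, str]]:
    """Return the key=value fields of a SavedSplunker line, or None for other lines."""
    if "SavedSplunker" not in line:
        return None
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def condition_met(count: int, relation: str, quantity: int) -> bool:
    """Evaluate a 'Number of Results' trigger condition as shown in the alert UI."""
    ops = {
        "greater than": lambda c, q: c > q,
        "less than": lambda c, q: c < q,
        "equal to": lambda c, q: c == q,
        "not equal to": lambda c, q: c != q,
    }
    if relation not in ops:
        raise ValueError(f"unsupported relation: {relation!r}")
    return ops[relation](count, quantity)


def diagnose(log_text: str, savedsearch_name: str,
             relation: str = "greater than", quantity: int = 2) -> List[Dict[str, object]]:
    """Classify every scheduled run of one saved search.

    Verdicts:
      not_run              - scheduler did not run the search (skipped, etc.)
      threshold_not_met    - it ran, but the result count failed the condition
      no_action_configured - condition met, but no alert action ran; in
                             savedsearches.conf "Add to Triggered Alerts" is
                             alert.track = 1, so a run like this is what the
                             thread's accepted answer addresses
      suppressed           - condition met, but throttling suppressed the actions
      fired                - condition met and at least one action ran
    """
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        f = parse_scheduler_line(line)
        if not f or f.get("savedsearch_name") != savedsearch_name:
            continue
        status = f.get("status", "")
        count = int(f.get("result_count", "0"))
        actions = f.get("alert_actions", "")
        if status != "success":
            verdict = "not_run"
        elif not condition_met(count, relation, quantity):
            verdict = "threshold_not_met"
        elif f.get("suppressed") == "1":
            verdict = "suppressed"
        elif not actions:
            verdict = "no_action_configured"
        else:
            verdict = "fired"
        findings.append({
            "scheduled_time": f.get("scheduled_time"),
            "status": status,
            "result_count": count,
            "alert_actions": actions,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for run in diagnose(SAMPLE_SCHEDULER_LOG, "My Alert", "greater than", 2):
        print(f"{run['scheduled_time']}: status={run['status']} "
              f"results={run['result_count']} actions={run['alert_actions']!r} "
              f"-> {run['verdict']}")
```

Run against an export of the real scheduler lines for the alert, the first thing to look at is the `status` of each run (a `skipped` run never evaluates the condition at all), then `result_count` against the configured threshold, and only then `alert_actions`: a run that meets the condition but shows an empty action list is the signature of an alert with no action attached, which is exactly why nothing appears under Activity -> Triggered Alerts.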