Solved: Alert not triggered

uagraw01 · ‎07-05-2020

In my case alert is not triggered when particular log is generated. So i checked that the person who created that alert previously has no permission for scheduler search when i verify from internal logs and beacuse of this i am not able to see any view result for job runs. So please suggest if i will create new alert by with all scheduled search permission, so it will get resolve or not ?

Means schedule search is directly proportional to alert triggered ?

anilchaithu · ‎07-05-2020

@uagraw01

Yes. and obviously it has to meet the alert conditions.

View solution in original post

anilchaithu · ‎07-05-2020

@uagraw01

Alerts will be triggered if

scheduled job runs without errors.
specified alert condition met

Its always better to run the search manually to check for syntax, run time errors. and also check for alert conditions.

I am still wondering how the user without schedule_search capability was able to schedule in the first place.

You can assign the alert to you (reassign knowledge objects) so that it runs with your capabilities.

Hope this helps.

uagraw01 · ‎07-05-2020

So if i have capabilities of schedule_search, then it will get resolve the issue ?

anilchaithu · ‎07-05-2020

@uagraw01

Yes. and obviously it has to meet the alert conditions.

Alert not triggered

alert action

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life