Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Alert not triggered

uagraw01
Motivator
‎07-05-2020 03:47 AM

In my case alert is not triggered when particular log is generated. So i checked that the person who created that alert previously has no permission for scheduler search when i verify from internal logs and beacuse of this i am not able to see any view result for job runs. So please suggest if i will create new alert by with all scheduled search permission, so it will get resolve or not ?

Means schedule search is directly proportional to alert triggered ?

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-05-2020 08:47 PM

@uagraw01 

Yes. and obviously it has to meet the alert conditions.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎07-05-2020 07:06 AM

@uagraw01 

Alerts will be triggered if 

  • scheduled job runs without errors. 
  • specified alert condition met

Its always better to run the search manually to check for syntax, run time errors. and also check for alert conditions.

I am still wondering how the user without schedule_search capability was able to schedule in the first place. 

You can assign the alert to you (reassign knowledge objects) so that it runs with your capabilities.

Hope this helps.

 

0 Karma
Reply
Solved! Jump to solution

uagraw01
Motivator
‎07-05-2020 09:20 AM

So if i have capabilities of schedule_search, then it will get resolve the issue ?

0 Karma
Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-05-2020 08:47 PM

@uagraw01 

Yes. and obviously it has to meet the alert conditions.

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...