Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert not triggered

uagraw01
Motivator
‎07-05-2020 03:47 AM

In my case alert is not triggered when particular log is generated. So i checked that the person who created that alert previously has no permission for scheduler search when i verify from internal logs and beacuse of this i am not able to see any view result for job runs. So please suggest if i will create new alert by with all scheduled search permission, so it will get resolve or not ?

Means schedule search is directly proportional to alert triggered ?

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-05-2020 08:47 PM

@uagraw01 

Yes. and obviously it has to meet the alert conditions.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎07-05-2020 07:06 AM

@uagraw01 

Alerts will be triggered if 

  • scheduled job runs without errors. 
  • specified alert condition met

Its always better to run the search manually to check for syntax, run time errors. and also check for alert conditions.

I am still wondering how the user without schedule_search capability was able to schedule in the first place. 

You can assign the alert to you (reassign knowledge objects) so that it runs with your capabilities.

Hope this helps.

 

0 Karma
Reply
Solved! Jump to solution

uagraw01
Motivator
‎07-05-2020 09:20 AM

So if i have capabilities of schedule_search, then it will get resolve the issue ?

0 Karma
Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-05-2020 08:47 PM

@uagraw01 

Yes. and obviously it has to meet the alert conditions.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...