Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert not triggered

uagraw01
Motivator
‎07-05-2020 03:47 AM

In my case alert is not triggered when particular log is generated. So i checked that the person who created that alert previously has no permission for scheduler search when i verify from internal logs and beacuse of this i am not able to see any view result for job runs. So please suggest if i will create new alert by with all scheduled search permission, so it will get resolve or not ?

Means schedule search is directly proportional to alert triggered ?

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-05-2020 08:47 PM

@uagraw01 

Yes. and obviously it has to meet the alert conditions.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

anilchaithu
Builder
‎07-05-2020 07:06 AM

@uagraw01 

Alerts will be triggered if 

  • scheduled job runs without errors. 
  • specified alert condition met

Its always better to run the search manually to check for syntax, run time errors. and also check for alert conditions.

I am still wondering how the user without schedule_search capability was able to schedule in the first place. 

You can assign the alert to you (reassign knowledge objects) so that it runs with your capabilities.

Hope this helps.

 

0 Karma
Reply
Solved! Jump to solution

uagraw01
Motivator
‎07-05-2020 09:20 AM

So if i have capabilities of schedule_search, then it will get resolve the issue ?

0 Karma
Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎07-05-2020 08:47 PM

@uagraw01 

Yes. and obviously it has to meet the alert conditions.

 

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...