Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Alert not working

trueclicks
Explorer
‎10-17-2016 02:39 AM

Hi,

easy alert ( see bellow ) is not working.
alt text

Condition meets the criteria.

alt text

  • Mail Server Settings are set by default ( spunk little).
  • Alert is triggered
  • Mail is not sent.
  • Alert action is empty. Why ?

Do I do something wrong ? or is it bug ?

Thanks for answers / ideas / recommendations.

Preview file
274 KB
Preview file
52 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-24-2016 03:58 AM

Hi trueclicks,
I assume that you verified that your system correctly sends eMails.
Sometimes the problem is that the results are too large for the eMail body or the eMail attachment so the eMail is blocked by the mail server.
So verify unflagging attachment and results in the eMail Body.
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for your help.

0 Karma
Reply
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you. Problem was in my scheduled search. I wanted to fire event when the search did not have any result.
This helped:
https://answers.splunk.com/answers/127905/set-count-to-0-if-no-results-found-in-splunk-alert.html

0 Karma
Reply
Solved! Jump to solution

dkoshe_splunk
Splunk Employee
Splunk Employee
‎10-23-2016 06:18 PM

Hello,

Have you looked into splunk logs to find out if there is an error in sending emails?
Also there are a lot of answers queries around troubleshooting emails not getting sent.
See for example:
https://answers.splunk.com/answers/330817/how-to-troubleshoot-why-im-not-getting-email-alert.html
https://answers.splunk.com/answers/32498/how-to-troubleshoot-splunk-email-notification.html
https://answers.splunk.com/answers/221223/how-to-troubleshoot-why-i-am-not-receiving-emails.html
https://answers.splunk.com/answers/225648/alert-email-not-being-sent.html

Hope this helps.
-Dhananjay

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for you help.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...