Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert not working

trueclicks
Explorer
‎10-17-2016 02:39 AM

Hi,

easy alert ( see bellow ) is not working.
alt text

Condition meets the criteria.

alt text

  • Mail Server Settings are set by default ( spunk little).
  • Alert is triggered
  • Mail is not sent.
  • Alert action is empty. Why ?

Do I do something wrong ? or is it bug ?

Thanks for answers / ideas / recommendations.

Preview file
274 KB
Preview file
52 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-24-2016 03:58 AM

Hi trueclicks,
I assume that you verified that your system correctly sends eMails.
Sometimes the problem is that the results are too large for the eMail body or the eMail attachment so the eMail is blocked by the mail server.
So verify unflagging attachment and results in the eMail Body.
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for your help.

0 Karma
Reply
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you. Problem was in my scheduled search. I wanted to fire event when the search did not have any result.
This helped:
https://answers.splunk.com/answers/127905/set-count-to-0-if-no-results-found-in-splunk-alert.html

0 Karma
Reply
Solved! Jump to solution

dkoshe_splunk
Splunk Employee
Splunk Employee
‎10-23-2016 06:18 PM

Hello,

Have you looked into splunk logs to find out if there is an error in sending emails?
Also there are a lot of answers queries around troubleshooting emails not getting sent.
See for example:
https://answers.splunk.com/answers/330817/how-to-troubleshoot-why-im-not-getting-email-alert.html
https://answers.splunk.com/answers/32498/how-to-troubleshoot-splunk-email-notification.html
https://answers.splunk.com/answers/221223/how-to-troubleshoot-why-i-am-not-receiving-emails.html
https://answers.splunk.com/answers/225648/alert-email-not-being-sent.html

Hope this helps.
-Dhananjay

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for you help.

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...