Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert not working

trueclicks
Explorer
‎10-17-2016 02:39 AM

Hi,

easy alert ( see bellow ) is not working.
alt text

Condition meets the criteria.

alt text

  • Mail Server Settings are set by default ( spunk little).
  • Alert is triggered
  • Mail is not sent.
  • Alert action is empty. Why ?

Do I do something wrong ? or is it bug ?

Thanks for answers / ideas / recommendations.

Preview file
274 KB
Preview file
52 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-24-2016 03:58 AM

Hi trueclicks,
I assume that you verified that your system correctly sends eMails.
Sometimes the problem is that the results are too large for the eMail body or the eMail attachment so the eMail is blocked by the mail server.
So verify unflagging attachment and results in the eMail Body.
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for your help.

0 Karma
Reply
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you. Problem was in my scheduled search. I wanted to fire event when the search did not have any result.
This helped:
https://answers.splunk.com/answers/127905/set-count-to-0-if-no-results-found-in-splunk-alert.html

0 Karma
Reply
Solved! Jump to solution

dkoshe_splunk
Splunk Employee
Splunk Employee
‎10-23-2016 06:18 PM

Hello,

Have you looked into splunk logs to find out if there is an error in sending emails?
Also there are a lot of answers queries around troubleshooting emails not getting sent.
See for example:
https://answers.splunk.com/answers/330817/how-to-troubleshoot-why-im-not-getting-email-alert.html
https://answers.splunk.com/answers/32498/how-to-troubleshoot-splunk-email-notification.html
https://answers.splunk.com/answers/221223/how-to-troubleshoot-why-i-am-not-receiving-emails.html
https://answers.splunk.com/answers/225648/alert-email-not-being-sent.html

Hope this helps.
-Dhananjay

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for you help.

0 Karma
Reply
Get Updates on the Splunk Community!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...