Solved: Alert sending multiple emails

penguincrow · ‎09-05-2013

Have a configuration with two splunk servers(logging01 and logging02) configured with shared configuration processing syslog data. The two servers are behind a load balancer.

Created an alert which sends an email.

Everytime a single alert fires I receive two emails.

From the smtp server's logs I see both servers sending the same email.

Is there anyway to prevents this, so only a single email is sent?

yannK · ‎09-05-2013

If you have 2 Search-heads with the same configuration, then all your searches will run twice (one on each)

The proper ways to proceed are :

dedicate a single search-head to run your jobs/scheduled searches
or use search-head pooling to actually load balance the search jobs.

View solution in original post

yannK · ‎09-05-2013

If you have 2 Search-heads with the same configuration, then all your searches will run twice (one on each)

The proper ways to proceed are :

dedicate a single search-head to run your jobs/scheduled searches
or use search-head pooling to actually load balance the search jobs.

Alert sending multiple emails

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation