Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Alert throttling

yashaswinig2210
Engager
‎05-18-2021 05:34 AM

I want to trigger an email alert whenever an account is locked on a machine

stats values(MachineName) as Machinename by Account, Email, _time

AccountMachinenameEmail_time
JohnMachine1
Machine2		John@gmail.com1:00 PM
 
JohnMachine2John@gmail.com2:00 PM

 

I have set up the alert to run for every 5mins and trigger only once in 24hr 

suppression value: Account, Machinename

Issue: the email is getting triggered twice at 1:00pm and 2:00pm again even the machine name is same.

Im not sure if it is considering only machine1 when triggering 1st mail.

Request you to please help.

Labels (4)
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...