Alerts not being triggered, and server errors

nalagito · ‎11-17-2023

We are using this license: Splunk Enterprise Term License - No Enforcement 6.5

I am an administrator, when I try to create a new alert, I get "server error", also, when I check the splunkd log, I see the following:

11-17-2023 11:03:02.381 +0000 ERROR AdminManager - Argument "app" is not supported by this handler.

I investigated all of this after seeing these warnings in the scheduler.log:

11-17-2023 07:35:00.513 +0000 WARN SavedSplunker - Savedsearch scheduling cannot be inherited from another user's search. Schedule ignored for savedsearch_id="nobody;search;Proxy NGINX Errors Alert"
11-17-2023 07:35:00.513 +0000 WARN SavedSplunker - Savedsearch scheduling cannot be inherited from another user's search. Schedule ignored for savedsearch_id="nobody;search;Proxy issue"
11-17-2023 07:35:00.513 +0000 WARN SavedSplunker - Savedsearch scheduling cannot be inherited from another user's search. Schedule ignored for savedsearch_id="nobody;search;Failed linux logins Clone8"

I also saw the license manager, sometimes we are exceding the quota, but as far as i investigated, this doesnt remove the alerting functionalities...

Alerts not being triggered, and server errors

alert action

alert condition

email

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?