Alerts not triggering, but the same search has res...

bazcurtis178 · ‎12-29-2021

Hi,

I have 6 Alerts that run on a schedule. Only one of them is working. If I run the search results come back that match. Why would they not be triggering?

gcusello · ‎12-29-2021

Hi @bazcurtis178,

did you tested the searches without results in the same time period or after when you checked it?

Please try to run it in the same time period of the schedules alert.

Ciao.

Giuseppe

bazcurtis178 · ‎12-29-2021

I think I have cracked it. I think the data coming into index could come in and miss the alert. I have now tweaked the alerts to be cron jobs and I am collecting the data a little more quickly, 15 minutes instead of 20. Thanks for the help.

bazcurtis178 · ‎12-29-2021

I have been checking them minutes after they should trigger. If they should trigger at 20 minutes past the hour I was checking at 25 minutes past.

I have changed them to cron jobs now rather than the GUI x past the hour option. One has already triggered.

Alerts not triggering, but the same search has results

alert action

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation