I would like to create a schedule alert with a simple search. I want to count something and when the number return is to small trigger the alert. But the alert is not working, I've never receive the mail. I don't understand why...
at first check if the alert's search (without alert) has results.
Then check if your alert is correctly trigged [Activity - Triggered Alerts] or [your_app - alerts] and click on your alert.
Then you must check if it's correctly configured your eMail gateway [Settings - Server Settings eMail settings].
Then check if the channel between Splunk Search Head and your eMail server is open.
Thanks for your answer.
We are trying to trigger the alert when we have a result superior at 1000 and we have a count equal to 10 000
when we have a look in the activity the alert run but never triggers.
I do not understand why...
do you have an idea