Alerting

Do not achieve to trigger my alert

New Member

Hello,
I would like to create a schedule alert with a simple search. I want to count something and when the number return is to small trigger the alert. But the alert is not working, I've never receive the mail. I don't understand why...

Could someone help me ?

Thanks a lot !

Tags (2)
0 Karma

SplunkTrust
SplunkTrust

Hi telecomdesign,

at first check if the alert's search (without alert) has results.
Then check if your alert is correctly trigged [Activity - Triggered Alerts] or [your_app - alerts] and click on your alert.
Then you must check if it's correctly configured your eMail gateway [Settings - Server Settings eMail settings].
Then check if the channel between Splunk Search Head and your eMail server is open.

Bye.
Giuseppe

0 Karma

New Member

Thanks for your answer.
We are trying to trigger the alert when we have a result superior at 1000 and we have a count equal to 10 000
when we have a look in the activity the alert run but never triggers.
I do not understand why...
do you have an idea

0 Karma

SplunkTrust
SplunkTrust

OK,
at first, your search has results or not?
Please share your search.
Bye.
Giuseppe

0 Karma

New Member

Yes I search as a result.
my search: index="test" work_order="work" |where !like(code, "OK") |stats count(code)

0 Karma

SplunkTrust
SplunkTrust

OK
What's the result of your search? you should have a number.
Anyway, if you have a number, you have to put the other condition, something like this:

 index="test" work_order="work" 
| where !like(code, "OK") 
| stats count(code)  AS count
| where count>1000

Bye.
Giuseppe

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!