Re: Do not achieve to trigger my alert

telecomdesign · ‎06-24-2019

Hello,
I would like to create a schedule alert with a simple search. I want to count something and when the number return is to small trigger the alert. But the alert is not working, I've never receive the mail. I don't understand why...

Could someone help me ?

Thanks a lot !

gcusello · ‎06-24-2019

Hi telecomdesign,

at first check if the alert's search (without alert) has results.
Then check if your alert is correctly trigged [Activity - Triggered Alerts] or [your_app - alerts] and click on your alert.
Then you must check if it's correctly configured your eMail gateway [Settings - Server Settings eMail settings].
Then check if the channel between Splunk Search Head and your eMail server is open.

Bye.
Giuseppe

telecomdesign · ‎06-24-2019

Thanks for your answer.
We are trying to trigger the alert when we have a result superior at 1000 and we have a count equal to 10 000
when we have a look in the activity the alert run but never triggers.
I do not understand why...
do you have an idea

gcusello · ‎06-24-2019

OK,
at first, your search has results or not?
Please share your search.
Bye.
Giuseppe

telecomdesign · ‎06-24-2019

Yes I search as a result.
my search: index="test" work_order="work" |where !like(code, "OK") |stats count(code)

gcusello · ‎06-24-2019

OK
What's the result of your search? you should have a number.
Anyway, if you have a number, you have to put the other condition, something like this:

 index="test" work_order="work" 
| where !like(code, "OK") 
| stats count(code)  AS count
| where count>1000

Bye.
Giuseppe

Do not achieve to trigger my alert

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms