Hi Everyone ,
We have set schedule search with conditions
Scheduled Type= Cron : 0 */12 * * * .
Alert type : Always
Alert Mode : One per Each
Which should be triggered for 3 mail ids
Now the problem is the email alerts aren't coming . If we run the query we are getting the reports and exact required no fault in the query and more over i tried by setting "Basic" with 1 min time stamp to my mail id . I'm getting the alerts accordingly, But when we do the same with the above schedule type the email alerts aren't triggering . Can anyone help in this
Thanks in advance.
there could be a problem if your results are large and they exceed the maximum dimension of eMail body or attachment.
try to unset all the settings in your eMail.
Even i tried setting with basic for every 12 hours , it should be triggered still we haven't got the mail alert. I tried by doing basic 1 min with only mail ID i'm receiving the mail alerts.
Just to be sure that email exchange is setup and Splunk is able to send emails, have you tested any existing Dashabord/Report for scheduled PDF delivery by email Export > Schedule PDF Delivery > Check the Schedule PDF check box and after filling Email To, click Send Test Email at the bottom. If the email delivers fine it implies email exchange on Splunk server is setup properly and is not blocked by network.
If you feel your cron schedule has issue, you can test your cron expressions through online utility. Cron expression provided bby cmerriman is correct i.e.
0 */12 * * * runs every 12 hours.
We have another scheduled Report set with the PDF , we are going good with that daily mail reports are generating without fail , i have set cron once again as you people mentioned let me check for 2 days as i created a new search in test environment , If everything is going good than its fine . I will confirm you after the alert triggers with the cron search