Alerting

Email: send only the first alarm and send an "end of the alarm" email

dantonag
Explorer

Hello,

I'd like to understand if it's possible with any Splunk version, preferably version 6 or later, to implement this type of behavior:

- Send and email only the first time the alarm condition is met. If the alarm (scheduled with the "cron" method) triggers again the next time, don't send any email

- Send an "end of alarm" email, after an alarm fired, when the alarm condition is not met anymore

Thanks.

Labels (4)
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!