Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Every 15 minutes after the hour, I receive the webHook, but why does my alert report "There are no fired events for this alert"?

geicosean
Engager
‎02-02-2016 12:48 PM

The search I made into an alert seems to function, but claims "There are no fired events for this alert.", yet every 15 minutes after the hour, I receive the webHook to http://requestb.in/ >.

I am in the process of making an API to receive the JSON and parse it server side. Is this what webHooks are designed for? Are there other tools I should be using to monitor errors made from a specific search? I want to compare them to previous days data with the outlook of filtering new results to a specific list, then assigning the errors based on code classes to a list of developers that would likely work on such aspects of the project.

I am lost at why my trigger is being triggered, but the trigger claims no events. Also, if what I am doing is the purpose of webHooks, is there other tooling built-in to accomplish this?

Reply

sylim_splunk
Splunk Employee
Splunk Employee
‎01-12-2017 05:39 PM

This has been documented in the link, https://docs.splunk.com/Documentation/Splunk/6.5.1/Alert/Triggeredalertaction

Add an alert to the Triggered Alerts list
1. Use one of the following options depending on whether you are creating a new alert or editing an existing alert.
* Create a new alert From the Search page in the Search and Reporting app, select Save As > Alert. Enter alert details and configure triggering and throttling as needed.
* Edit an existing alert From the Alerts page in the Search and Reporting app, select Edit>Edit actions for an existing alert.
2. From the Add Actions menu, select Add to triggered alerts.
3. Select an alert Severity level.
Severity levels are informational only. They are used to group alerts in the Triggered Alerts list. The default level is Medium.
4. Click Save.

Reply

unchura
Explorer
‎08-14-2017 12:15 PM

Thanks! It helped!

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎02-02-2016 02:56 PM

Hi @geicosean,
You might want to start by reviewing the following documentation resources on webhooks and setting up alerts. It sounds like a webhook is the best alert action for your use case. But, you may need to adjust the triggering condition or the search itself in order to get the alerting behavior you want.

http://docs.splunk.com/Documentation/Splunk/6.3.2/Alert/Definescheduledalerts
http://docs.splunk.com/Documentation/Splunk/6.3.2/Alert/ThrottleAlerts
http://docs.splunk.com/Documentation/Splunk/6.3.2/Alert/Webhooks

Hope this helps!

0 Karma
Reply

geicosean
Engager
‎02-03-2016 05:37 AM

Good to know I am on the right track thank you

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...