Alerting

How can I configure Alerts not to send blank/empty reports in PDF?

denisevw
Path Finder

I've configured about 75 Alerts to email reports on a daily basis. Some of these reports will have no data. I don't want the Alert to send out the report if it is blank or empty.

I did configure the Alert Condition:

(from savedsearches.conf)

quantity = 1

relation = greater than

The blank/empty report still gets emailed...

Tags (2)
0 Karma

chris_knott
New Member

Hello,

Do you have it to report on each search or per result? When importing my alerts from v5 into a new v6 cluster the option default to each search so any real time alerts were sending blank reports. Once I switched to per result I only get the alert email if there is a matching result.

Thanks,

Chris

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...