Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to prevent duplicate alerts with multiple search heads

arun_kant_sharm
Path Finder
‎10-17-2019 01:04 AM

Hi Experts,

In my Splunk distributed environment, I have one load balancer and two search heads, and one deployment server.(No Shearch head pooling server configure).
I configured alert mail on both the search head, then I get duplicate alert mail from each search head.
Because of high availability of get alert mail I can`t enable alert mail only on one search head server, and nor I enable alert only on deployment server.
Please suggest how I get only single alerts.
Thanks in advance.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2019 05:59 AM

The solution is to not schedule the same alert on more than one system. The best way to do that is to add a third search head and create a search head cluster (SHC). In a SHC, alerts are automatically scheduled on an available SH so you only need to set them up once and they'll only run once.

---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2019 05:57 AM

I removed the search-head-clustering tag because this obviously is not a SHC situation.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...