Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to prevent duplicate alerts with multiple search heads

arun_kant_sharm
Path Finder
‎10-17-2019 01:04 AM

Hi Experts,

In my Splunk distributed environment, I have one load balancer and two search heads, and one deployment server.(No Shearch head pooling server configure).
I configured alert mail on both the search head, then I get duplicate alert mail from each search head.
Because of high availability of get alert mail I can`t enable alert mail only on one search head server, and nor I enable alert only on deployment server.
Please suggest how I get only single alerts.
Thanks in advance.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2019 05:59 AM

The solution is to not schedule the same alert on more than one system. The best way to do that is to add a third search head and create a search head cluster (SHC). In a SHC, alerts are automatically scheduled on an available SH so you only need to set them up once and they'll only run once.

---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2019 05:57 AM

I removed the search-head-clustering tag because this obviously is not a SHC situation.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...