Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to receive e-mail alert only once?

n37w0rk
Explorer
‎02-17-2022 01:03 AM

Hello everyone,

I'm still very new to the world of Splunk Enterprise. 😉 I hope that you can help me with my problem.

I created the following search to be notified of app updates by email:

Spoiler
| rest /services/apps/local
| search update.version != ""
| rename title AS Update_APP, version AS Update_Version, update.version AS Update_Versionupdate
| table Update_APP Update_Version Update_Versionupdate

The notification type is scheduled to run every day at 12:00 p.m. I chose one as a trigger. However, I get the same ban notification email every day, even though I've already received it.

What do I have to do so that the message is only sent once.

Please excuse my bad English.

Best regards
Björn

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-17-2022 01:14 AM

Hi @n37w0rk,

you could configure the throttle for your alert, in other words a period, after alert trigger, in which the message isn't sent.

You can configure throttle in alert proprties:

gcusello_0-1645089260757.png

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

n37w0rk
Explorer
‎02-17-2022 02:22 AM

It can be that easy. I was 100% sure I tested it. Now it's funny. Thanks for the quick help

krgds Björn

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-17-2022 02:26 AM

Hi @n37w0rk,

good for you, let me know if I can still help you.

If this answer solves your need, please accept it for the other people of Community.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-17-2022 01:14 AM

Hi @n37w0rk,

you could configure the throttle for your alert, in other words a period, after alert trigger, in which the message isn't sent.

You can configure throttle in alert proprties:

gcusello_0-1645089260757.png

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...