Alerting

I am creating test email alerts, but why are they not triggering?

alanxu
Communicator

Hello,

I am creating an alert to send an email out if any errors are found. So my search is source="MYPATH" ERROR. Results come up when I put "since 5/30/15." After I save it as an alert, I set it to run every hour so that I can test it. However, it never triggers. Do alerts not work with old data?

When I go to my alert and say open in search, it automatically changes it to "Last 1 Hour" so I am confused about what I am doing wrong.

0 Karma

woodcock
Esteemed Legend

You have to specify a time frame and it probably defaults to "last hour". Edit your search and near the top you will see a "Start time" and a "Finish time" field as well as a "Learn more" link. Click on "Learn more" and read all about it. Then set the values as you desire.

alanxu
Communicator

Once the search finishes I get results, so I will save it and have it run at 30 minutes of every hour.

0 Karma

alanxu
Communicator

Where is the start and finish time?

0 Karma

woodcock
Esteemed Legend

Go to Settings -> Searches, reports & alerts and search for your alert there. If it is not there, create it again and save it as an "Alert". Then you should have all the options.

0 Karma

alanxu
Communicator

Time range is when it runs, right, not the time range of the data?

0 Karma

martin_mueller
SplunkTrust

Time range is the time range, when it runs is determined by the cron schedule.

0 Karma
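The distinction in the reply above, written out as configuration. This is an added example, not part of the original thread: two `savedsearches.conf` stanzas share the same cron schedule and differ only in the time range they search. The stanza names and the e-mail address are constructed placeholders, and the epoch value is an assumed rendering of the poster's "since 5/30/15" as midnight UTC.

```ini
# Added example: constructed stanzas, not taken from the poster's system.

# Alert 1: runs at minute 30 of every hour (cron_schedule) and searches
# only the previous hour (dispatch.*). If the matching ERROR events are
# older than that window, the search returns zero events and the trigger
# condition below is never met.
[errors_last_hour]
search = source="MYPATH" ERROR
enableSched = 1
cron_schedule = 30 * * * *
dispatch.earliest_time = -1h
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = oncall@example.com

# Alert 2: same schedule, but the time range reaches back to
# 2015-05-30 00:00:00 UTC (epoch 1432944000, an assumed reading of
# "since 5/30/15"). Every scheduled run re-reads that whole window, so
# older events are searched again on each run.
[errors_since_may30_test]
search = source="MYPATH" ERROR
enableSched = 1
cron_schedule = 30 * * * *
dispatch.earliest_time = 1432944000
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = oncall@example.com
```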

alanxu
Communicator

So do Splunk alerts work with old data? I watched the tutorial on alerts from Splunk, but it didn't answer that question.

0 Karma

alanxu
Communicator

I am going to try to create a new search. So I have my text... source="MYPATH" ERROR. And I will create the date and time range for since 5/30/15. And shouldn't I just run it for 15 mins of every hour so I can test it now?

0 Karma