Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

I am creating test email alerts, but why they are not triggering?

alanxu
Communicator
‎07-13-2015 10:44 AM

Hello,

I am creating an alert to send an email out if any errors are found. So my search is source="MYPATH" ERROR. Results come up when I put "since 5/30/15." After I save it as an alert, I set it to run every hour so that I can test it. However, it never triggers. Do alerts not work with old data?

When I go to my alert and say open in search, it automatically changes it to "Last 1 Hour" so I am confused what I am doing wrong.

Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-13-2015 10:59 AM

You have to specify a time frame and it probably defaults to "last hour". Edit your search and near the top you will see a "Start time" and a "Finish time" field as well as a "Learn more" link. Click on "Learn more" and read all about it. Then set the values as you desire.

Reply

alanxu
Communicator
‎07-13-2015 12:12 PM

Once the search finishes I get results so I will save it and have it run at 30 minutes of every hour

0 Karma
Reply

alanxu
Communicator
‎07-13-2015 12:03 PM

Where is the start and finish time?

0 Karma
Reply

woodcock
Esteemed Legend
‎07-13-2015 12:16 PM

Go to Settings -> Searches, reports & alerts and search for your alert there. If it is not there, create it again and save it as an "Alert". Then you should have all the options.

0 Karma
Reply

alanxu
Communicator
‎07-13-2015 12:22 PM

Time range is when it runs right not the the time range of the data?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-13-2015 02:37 PM

Time range is the time range, when it runs is determined by the cron schedule.

0 Karma
Reply

alanxu
Communicator
‎07-13-2015 12:20 PM

So does Splunk alerts work with old data? I watched the tutorial on alerts from Splunk, but it didnt answer that question

0 Karma
Reply

alanxu
Communicator
‎07-13-2015 12:08 PM

I am going to try to create a new search. So I have my text... source="MYPATH" ERROR. And I will create the date and time range for since 5/30/15. And shouldn't I just run it for 15 mins of every hour so I can test it now.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...