Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I have created an alert and setup email for it but its not working

shreyasathavale
Communicator
‎05-19-2015 02:39 PM

I have created the following alert (using UI or Alert Manager) and have set alert mail on condition warning > 0 which is working fine.

earliest=-2h environment=Test Severity=Error|stats count as warning by Message,_time |sort _time desc

Now i want the mail format to be in tabular form so i modified the search to below with same alert condition:

earliest=-2h environment=Test Severity=Error|stats count as warning by Message,_time |sort _time desc|table Message,_time

But the 2nd search is not generating an alert mail.
Any idea on this will be helpful

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

stephanefotso
Motivator
‎05-19-2015 02:55 PM

If your condition is warning > 0 , warning must be one of your table outputs. Try this and let me know

earliest=-2h environment=Test Severity=Error|stats count as warning by Message,_time |sort _time desc|table Message,_time, warning
SGF

View solution in original post

Reply
Solved! Jump to solution
Solution

stephanefotso
Motivator
‎05-19-2015 02:55 PM

If your condition is warning > 0 , warning must be one of your table outputs. Try this and let me know

earliest=-2h environment=Test Severity=Error|stats count as warning by Message,_time |sort _time desc|table Message,_time, warning
SGF
Reply
Solved! Jump to solution

shreyasathavale
Communicator
‎05-19-2015 03:07 PM

Thanks..will try it..

0 Karma
Reply
Solved! Jump to solution

stephanefotso
Motivator
‎05-20-2015 02:11 PM

ok. Iet me know if any issue.

SGF
0 Karma
Reply
Solved! Jump to solution

shreyasathavale
Communicator
‎05-24-2015 08:46 PM

Had tried that too previously but was not working. Created the same alert using savedsearch and it worked 🙂

0 Karma
Reply
Solved! Jump to solution

shreyasathavale
Communicator
‎05-19-2015 03:15 PM

search is returning values but still not sending an email.. 😞 rather have got a blank mail without results in mail

0 Karma
Reply
Solved! Jump to solution

stephanefotso
Motivator
‎05-22-2015 03:56 PM

ok now, at the alert action screen, include an inline Table .

SGF
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...