My alerts are not getting triggered, even after the Start time in Cron Expression met the current time.
I believe it is some sort of access issue...but not exactly sure what all access I should give (I gave Read access to "Everyone" and Write Access to "Admin" )
I would like to know if there is an easy way to change the owner of the Alerts in Splunk Web as we don't have access to conf files right now.
admin - admin user name
changement - admin password
foo - username of the new owner
localhost - if running from the search head itself, leave it as localhost OR give the fqdn of the search head server
User - current owner of the alert search
Apps - name of the app where this alert search is saved (app context)
AlertSearchName - name of your alert search. If it contains special character/spaces, use the url encoded name