Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Not able to receive any alerts from SPLUNK for one particular role

Dhanush
Engager
‎10-31-2020 01:58 AM

One of the user is not able to receive any alerts if the user is trying to create an alert. However, If we create the same alert we are able to receive and marked the user as well in CC, he is able to receive the alert. As part of the trouble shooting we could see that particular role has all the capabilities to schedule a search. However, We are still encountering issue.

Need Help..If someone has inputs. That would be a great help.

 

 

@murbanek_splunk 

Labels (1)
Labels
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-31-2020 03:48 AM
When he is doing that search, he was seeing those events?
This is not a real-time alert?
r. Ismo
0 Karma
Reply

Dhanush
Engager
‎10-31-2020 03:54 AM

It's a real time alert where the query count exceeds the threshold count..The user would be receiving alerts.

As part of the troubleshooting we could receive the  exact copy of these alerts, when we create a duplicate one. However, when the user is creating he is not able to get nor us(Even if we are marked in the e-mail)

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-31-2020 08:33 AM

Your user needs also [capability::schedule_rtsearch]
for do alerts based on real-time search.

Then it’s another story should he use real-time alert or scheduled alert. Personally I’m not a fan of real-time alert and until now I have succeeded to do those with normal scheduled searches.
r. Ismo

Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...