Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Real time alert option not available

cyber_Maddy
Engager
‎10-22-2021 12:15 AM

cyber_Maddy_1-1634886882920.png

If you look at the picture I cant see the real time alert option, Could you please assist me to get this on my splunk ?

Labels (3)
Labels
0 Karma
Reply

PradReddy
Path Finder
‎10-24-2021 09:43 AM

Hi cyber_Maddy,

Overuse of real-time search can result in performance costs and in this you are not able to scheduled a real-time alert because of restrictions that have applied in your environment


Options for restricting real-time search are as follows:

1) Disable real-time search at the indexer level by editing indexes.conf for specific indexes.
2) Disable real-time search for particular roles and users.
3) Edit limits.conf to reduce the number of real-time searches that can be run concurrently at any given time.
4) Edit limits.conf to restrict indexer support for real-time searches.

The documentation, How to restrict usage of real-time search is where you will want to go.
https://docs.splunk.com/Documentation/Splunk/8.2.2/Search/Restrictrealtimesearch

Also, make sure you're reading the documentation for your version of Splunk.

------
An upvote would be appreciated and Accept Solution if it helps!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...