Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Real time alerts are not triggering even though results are present in search result.

saibal6
Path Finder
‎06-21-2018 06:27 AM

I have tested with my real-time alert mail notification with few results. It is working properly and always gave me the exact and proper result what I wanted.

But we I set all my 52 real-time mail alerts notification with the same settings what I have previously tested, after that day I didn't get any mail notification for any alerts but the real time errors are present in search result, it's showing me in Splunk whenever I run the search result but it didn't inform me by mail alerts.

My real time mail alert configuration :
Enabled : Yes. Disable
App : search
Permissions : Private. Owned by admin. Edit
Alert Type : Real-time. Edit
Trigger Condition :
Trigger alert when : Number of Results is > 0 in 6 hours. Edit
Trigger : Once
Throttle : Checked
Suppress triggering for : 24 Hours.

Can anyone help me on this matter? Please let me know if you need more information on this matter.
Please attach the useful link if you have.

0 Karma
Reply

somesoni2
Revered Legend
‎06-21-2018 09:28 AM

Running 53 realtime searches could be an overkill (realtime alerts never dies, keep occupying system resources, thus degrading overall system performance). I would suggest rather using a regular historical search, may be running very frequently, say every 5 min or so.

0 Karma
Reply
Get Updates on the Splunk Community!