Solved: Real time alerts

christinmb · ‎01-03-2013

Im having problems with the real time alerts, splunk is not sending all the events by email, it works fine in the first 3 minuts, but after that Im not getting any email or events in the alert manager, but if i schedule that same search but dont make it rt search it does work and I get all my alerts in my inbox.
This problem started after I upgrade to Splunk 5, with Splunk 4.x I didnt have that problem

BobDaMann · ‎01-03-2013

Could you provide more information? I'd like to know a little bit more about the alert you have set up.

Perhaps a screenshot of the alert settings?

Are you using throttling?

View solution in original post

BobDaMann · ‎01-04-2013

Awesome. Well I am glad I was able to help. Take it easy.

BobDaMann · ‎01-03-2013

Could you provide more information? I'd like to know a little bit more about the alert you have set up.

Perhaps a screenshot of the alert settings?

Are you using throttling?

christinmb · ‎01-04-2013

It was an error in the "per results throttling fields" and the alerting mode, thanks!

christinmb · ‎01-04-2013

https://dl.dropbox.com/u/97076067/df.png thats the configuration I have

Real time alerts

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024