I have a number of scheduled alerts which have thresholds configured to send me alerts if we see either too many or too few events in a given timeframe. But a restart of my seachhead triggers each of these events to fire (despite, it would seem the threshold not being crossed).
Is there anyway to prevent these alerts firing when restarting spunk, i.e. delay an alert triggering immediatly following startup.
I can't be the only person to find this irritating 🙂
I have a similar problem - we have real time alerts that trip when there is a lack of certain items present. If there is a brief interruption in communication from the search head to indexers, the alert trips.
Yes, I opened a case. Actually my issue is that when I edit or disable a realtime search, the search triggers. I suspect the two issues are related. I'll post whatever solution I get from support.