Alerting

Splunk alert to verify results sent in previous alert

bsaujla131984
Path Finder

I have an alert which checks the number of messages stuck in the queue, with a suppression of 4 hours; otherwise there will be a number of alerts.

Now I need to make it more dynamic, meaning it should alert only if an alert has not been sent for the same result in the last 4 hours.

Can someone guide with this please?


DalJeanis
Legend

There is an option to suppress per result rather than for the entire search.

You must write the search so that it gets one line of output per item at the level you want to suppress.

If you give more specific information about your needs, then we can give a more specific reply.

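As an added illustration of per-result throttling (this is not from the thread; the index, sourcetype, field names, threshold and recipient are assumed), a savedsearches.conf stanza whose search emits one row per queue and which suppresses repeat alerts per queue_name for 4 hours:

```ini
# savedsearches.conf -- added example, not posted in the thread.
# index, sourcetype, queue_name, status and the threshold are assumptions.
[stuck_queue_messages_per_queue]
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Shape the output so there is exactly one row per queue: the queue is
# the "item" at the level we want to suppress.
search = index=mq sourcetype=queue_stats status=stuck \
  | stats count AS stuck_messages BY queue_name \
  | where stuck_messages > 100

# Trigger once per result (UI: "For each result"), not once per search,
# so each queue gets its own alert and its own throttle window.
alert.digest_mode = 0
counttype = number of events
relation = greater than
quantity = 0

# Throttle on queue_name: a queue that already alerted stays silent for
# 4 hours, while a different queue that becomes stuck still alerts.
# Without alert.suppress.fields, one trigger would silence every queue.
alert.suppress = 1
alert.suppress.fields = queue_name
alert.suppress.period = 4h
alert.track = 1

action.email = 1
action.email.to = ops-team@example.invalid
```

The same settings map to the alert editor's "Trigger: For each result" and "Throttle: Suppress results containing field value queue_name for 4 hours".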


bsaujla131984
Path Finder

Can you let me know how I can suppress per result rather than the whole search?


bsaujla131984
Path Finder

Thanks DalJeanis. It worked.
