Alerting

Splunk alert to verify results sent in previous alert

bsaujla131984
Path Finder

I have an alert which checks the number of messages stuck in the queue with suppressing of 4 hours otherwise there will be number of alerts.

Now I need to make it more dynamic means it should alert only if alert has not been sent for same result in last 4 hours.

Can someone guide with this please?

Labels (1)
0 Karma
1 Solution

DalJeanis
Legend

There is an option to suppress per result rather than for the entire search.

You must write the search so that it gets one line of output per item at the level you want to suppress.

If you give more specific information about your needs, then we can give a more specific reply.

View solution in original post

0 Karma

DalJeanis
Legend

There is an option to suppress per result rather than for the entire search.

You must write the search so that it gets one line of output per item at the level you want to suppress.

If you give more specific information about your needs, then we can give a more specific reply.

0 Karma

bsaujla131984
Path Finder

Can you let me know how can suppress the result rather than whole search?

0 Karma

bsaujla131984
Path Finder

Thanks DalJeanis. It worked.

Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...