Splunk false alerts

p_gurav · ‎05-29-2017

Hi,

Splunk started sending false alerts since today morning even though aler condition hasn't been triggsered. Once we re-enable alert those are working fine.
Can anybody please help what could be the reason behind this as this is become severity one issue in Splunk Production Environment?

Thanks in advance. 🙂

rajanala · ‎10-25-2021

Any updates ?

Any recommendations on how to troubleshoot the issue of false alerts during the OS patching of the Splunk servers (Indexers/SearchHeads) ?

renjujacob88 · ‎09-12-2017

Can you please provide us more information. Is the alert configured as notable event. if that is the case ,you nee to check your throttling parameters

woodcock · ‎05-29-2017

Get a better description, get a diag file, add the bug tag to this Question, and open a Support Case.

niketn · ‎05-29-2017

Which version of Splunk did it happen?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

p_gurav · ‎05-29-2017

Splunk 6.4.0

p_gurav · ‎05-29-2017

Can somebody please help?

harsmarvania57 · ‎05-29-2017

If it's severity 1 then I'll suggest to raise case with splunk support.

Splunk false alerts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Splunk false alerts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!