Splunk false alerts

p_gurav · ‎05-29-2017

Hi,

Splunk started sending false alerts since today morning even though aler condition hasn't been triggsered. Once we re-enable alert those are working fine.
Can anybody please help what could be the reason behind this as this is become severity one issue in Splunk Production Environment?

Thanks in advance. 🙂

rajanala · ‎10-25-2021

Any updates ?

Any recommendations on how to troubleshoot the issue of false alerts during the OS patching of the Splunk servers (Indexers/SearchHeads) ?

renjujacob88 · ‎09-12-2017

Can you please provide us more information. Is the alert configured as notable event. if that is the case ,you nee to check your throttling parameters

woodcock · ‎05-29-2017

Get a better description, get a diag file, add the bug tag to this Question, and open a Support Case.

niketn · ‎05-29-2017

Which version of Splunk did it happen?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

p_gurav · ‎05-29-2017

Splunk 6.4.0

p_gurav · ‎05-29-2017

Can somebody please help?

harsmarvania57 · ‎05-29-2017

If it's severity 1 then I'll suggest to raise case with splunk support.

Splunk false alerts

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...

Splunk and Fraud

Build Your First SPL2 App!