Splunk version :7.3.3

We are testing the Custom alert action. We copied the files as alert_test from etc/apps/alert_logevent.

Then we used the example from https://docs.splunk.com/Documentation/Splunk/7.3.3/AdvancedDev/ModAlertsBasicExample    and configurated the  alert_actions.conf and the logger.py  .

We set an alert and add the custom alert to the alert .

And the alert runs every 2 minutes.

The logger example implements a custom alert action that does the following:

• Creates a path to a log file when the alert first fires.
• Writes log messages to the log file when the alert fires.
• Writes log information to an existing Splunk Enterprise log file

BUT when we cat the log ,we found that the message as below the :

2021-02-05T11:08:01.473866 got arguments ['/data/eccom_gao/splunk/etc/apps/alert_log_test/bin/logger.py', '--execute']
2021-02-05T11:08:01.474097 got payload: {"app":"search","owner":"admin","result_id":"0","results_file":"/data/eccom_gao/splunk/var/run/splunk/dispatch/scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94/per_result_alert/tmp_0.csv.gz","results_link":"http://056-gj-test01:8000/app/search/search?q=%7Cloadjob%20scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now",.................................}
2021-02-05T11:08:01.615030 got arguments ['/data/eccom_gao/splunk/etc/apps/alert_log_test/bin/logger.py', '--execute']
2021-02-05T11:08:01.615210 got payload: {"app":"search","owner":"admin","result_id":"1","results_file":"/data/eccom_gao/splunk/var/run/splunk/dispatch/scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94/per_result_alert/tmp_1.csv.gz","results_link":"http://056-gj-test01:8000/app/search/search?q=%7Cloadjob%20scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94%20%7C%20head%202%20%7C%20tail%201&earliest=0&latest=now",...........................................................}
2021-02-05T11:13:01.761179 got arguments ['/data/eccom_gao/splunk/etc/apps/alert_log_test/bin/logger.py', '--execute']
2021-02-05T11:13:01.761385 got payload: {"app":"search","owner":"admin","result_id":"0","results_file":"/data/eccom_gao/splunk/var/run/splunk/dispatch/scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94/per_result_alert/tmp_2.csv.gz","results_link":"http://056-gj-test01:8000/app/search/search?q=%7Cloadjob%20scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94%20%7C%20head%203%20%7C%20tail%201&earliest=0&latest=now",...............................................}
2021-02-05T11:13:01.761179 got arguments ['/data/eccom_gao/splunk/etc/apps/alert_log_test/bin/logger.py', '--execute']
2021-02-05T11:13:01.761385 got payload: {"app":"search","owner":"admin","result_id":"1","results_file":"/data/eccom_gao/splunk/var/run/splunk/dispatch/scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94/per_result_alert/tmp_2.csv.gz","results_link":"http://056-gj-test01:8000/app/search/search?q=%7Cloadjob%20scheduler__admin__search__RMD5e0e0606133e59cd5_at_1612494480_94%20%7C%20head%203%20%7C%20tail%201&earliest=0&latest=now",...............................................}

It seems like :The time stamp in the log is not consistent with the time that the alert runs. The time in the log is not written every two minutes. Sometimes it may take five minutes to write in the log.

Can anyone help me, please?