Using Alerts with Splunk Enterprise Per Sourcetype License

Path Finder


When creating alerts and choosing action as logevent, by default it chooses sourcetype as generic_single_line
But I also get License warning in my license master.
I have Splunk enterprise per sourcetype license. Why can't I use the in-built alerts feature ?

04-03-2019 09:51:50.366 +0000 WARN LicenseUsage - type=Usage s="alert:myalert" st=generic_single_line h="" o="" idx="my_alerts" i="1473278A-8BE2-4B8B-9FC5-BE63d627E13C" pool="null" b=303

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...