Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the Expires parameter of an alert?

danielbb
Motivator
‎09-11-2019 06:46 AM

I'm not clear about the Expires parameter of an alert. What does it mean?

alt text

Tags (2)
Preview file
1 KB
Reply

saravanan90
Contributor
‎02-10-2021 10:27 AM

The impact would be that the dispatch directory(/opt/splunk/var/run/splunk/dispatch) which stores this results set will get filled. Search head bundle will not have this result set. 

https://docs.splunk.com/Documentation/Splunk/8.1.1/DistSearch/HowconfrepoworksinSHC#How_replication_...

0 Karma
Reply

ajitshukla61116
Path Finder
‎02-05-2020 09:37 PM

It define the lifespan of triggered Alert basically how long you can access the result of triggered alert.

Please refer this documenthttps://docs.splunk.com/Documentation/Splunk/8.0.1/Alert/Updatealerts for better understanding.

Reply

danielbb
Motivator
‎02-10-2021 09:03 AM

Let's say we have an alert scheduled to run every five minutes, producing large result-sets and Expires of the alert is set to 24 hours. What's the impact on the system? Do the result-sets live in the search head bundle?

Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...