Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the Expires parameter of an alert?

danielbb
Motivator
‎09-11-2019 06:46 AM

I'm not clear about the Expires parameter of an alert. What does it mean?

alt text

Tags (2)
Preview file
1 KB
Reply

saravanan90
Contributor
‎02-10-2021 10:27 AM

The impact would be that the dispatch directory(/opt/splunk/var/run/splunk/dispatch) which stores this results set will get filled. Search head bundle will not have this result set. 

https://docs.splunk.com/Documentation/Splunk/8.1.1/DistSearch/HowconfrepoworksinSHC#How_replication_...

0 Karma
Reply

ajitshukla61116
Path Finder
‎02-05-2020 09:37 PM

It define the lifespan of triggered Alert basically how long you can access the result of triggered alert.

Please refer this documenthttps://docs.splunk.com/Documentation/Splunk/8.0.1/Alert/Updatealerts for better understanding.

Reply

danielbb
Motivator
‎02-10-2021 09:03 AM

Let's say we have an alert scheduled to run every five minutes, producing large result-sets and Expires of the alert is set to 24 hours. What's the impact on the system? Do the result-sets live in the search head bundle?

Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...