Alerting

What is the role of expiration when setting up an Alert?

auzark
Path Finder

Can someone, please explain to me what expires does when setting up an alert. I can not find an explanation in the manuals, I search.

auzark_0-1647409563938.png

 

Labels (2)
Tags (2)
0 Karma
1 Solution

SanjayReddy
SplunkTrust
SplunkTrust

Hi @auzark 

Expries meaning , after an alert triggers with output , how long you can able to access that results, before it expries, 

in your example ,alert runs at 15 th minutes of every hour means if alert trigger at 11:15  AM  with output of  15 records, the results will be avalible until 03:15 PM , after that you no loner has access to results.

and alerts runs at 12:15 PM will be active till 04:15 PM so on...

you can able to access triggered resluts from 

SanjayReddy_0-1647412612556.png


select your required alert name and click on view recent 

SanjayReddy_2-1647412653523.png

 

that shows all the previous triggered alerts click on name to get the results of the alert that triggerd at sepcific time 

SanjayReddy_3-1647412724661.png

 

---
If this reply helps you, Karma would be appreciated.

 

 

View solution in original post

SanjayReddy
SplunkTrust
SplunkTrust

Hi @auzark 

Expries meaning , after an alert triggers with output , how long you can able to access that results, before it expries, 

in your example ,alert runs at 15 th minutes of every hour means if alert trigger at 11:15  AM  with output of  15 records, the results will be avalible until 03:15 PM , after that you no loner has access to results.

and alerts runs at 12:15 PM will be active till 04:15 PM so on...

you can able to access triggered resluts from 

SanjayReddy_0-1647412612556.png


select your required alert name and click on view recent 

SanjayReddy_2-1647412653523.png

 

that shows all the previous triggered alerts click on name to get the results of the alert that triggerd at sepcific time 

SanjayReddy_3-1647412724661.png

 

---
If this reply helps you, Karma would be appreciated.

 

 

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...