Alerting

What is the role of expiration when setting up an Alert?

auzark
Communicator

Can someone, please explain to me what expires does when setting up an alert. I can not find an explanation in the manuals, I search.

auzark_0-1647409563938.png

 

Labels (1)
Tags (2)
0 Karma
1 Solution

SanjayReddy
SplunkTrust
SplunkTrust

Hi @auzark 

Expries meaning , after an alert triggers with output , how long you can able to access that results, before it expries, 

in your example ,alert runs at 15 th minutes of every hour means if alert trigger at 11:15  AM  with output of  15 records, the results will be avalible until 03:15 PM , after that you no loner has access to results.

and alerts runs at 12:15 PM will be active till 04:15 PM so on...

you can able to access triggered resluts from 

SanjayReddy_0-1647412612556.png


select your required alert name and click on view recent 

SanjayReddy_2-1647412653523.png

 

that shows all the previous triggered alerts click on name to get the results of the alert that triggerd at sepcific time 

SanjayReddy_3-1647412724661.png

 

---
If this reply helps you, Karma would be appreciated.

 

 

View solution in original post

SanjayReddy
SplunkTrust
SplunkTrust

Hi @auzark 

Expries meaning , after an alert triggers with output , how long you can able to access that results, before it expries, 

in your example ,alert runs at 15 th minutes of every hour means if alert trigger at 11:15  AM  with output of  15 records, the results will be avalible until 03:15 PM , after that you no loner has access to results.

and alerts runs at 12:15 PM will be active till 04:15 PM so on...

you can able to access triggered resluts from 

SanjayReddy_0-1647412612556.png


select your required alert name and click on view recent 

SanjayReddy_2-1647412653523.png

 

that shows all the previous triggered alerts click on name to get the results of the alert that triggerd at sepcific time 

SanjayReddy_3-1647412724661.png

 

---
If this reply helps you, Karma would be appreciated.

 

 

Get Updates on the Splunk Community!

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...