Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the role of expiration when setting up an Alert?

auzark
Communicator
‎03-15-2022 10:46 PM

Can someone, please explain to me what expires does when setting up an alert. I can not find an explanation in the manuals, I search.

auzark_0-1647409563938.png

 

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

SanjayReddy
SplunkTrust
SplunkTrust
‎03-15-2022 11:40 PM

Hi @auzark 

Expries meaning , after an alert triggers with output , how long you can able to access that results, before it expries, 

in your example ,alert runs at 15 th minutes of every hour means if alert trigger at 11:15  AM  with output of  15 records, the results will be avalible until 03:15 PM , after that you no loner has access to results.

and alerts runs at 12:15 PM will be active till 04:15 PM so on...

you can able to access triggered resluts from 

SanjayReddy_0-1647412612556.png


select your required alert name and click on view recent 

SanjayReddy_2-1647412653523.png

 

that shows all the previous triggered alerts click on name to get the results of the alert that triggerd at sepcific time 

SanjayReddy_3-1647412724661.png

 

---
If this reply helps you, Karma would be appreciated.

 

 

View solution in original post

Reply
Solved! Jump to solution
Solution

SanjayReddy
SplunkTrust
SplunkTrust
‎03-15-2022 11:40 PM

Hi @auzark 

Expries meaning , after an alert triggers with output , how long you can able to access that results, before it expries, 

in your example ,alert runs at 15 th minutes of every hour means if alert trigger at 11:15  AM  with output of  15 records, the results will be avalible until 03:15 PM , after that you no loner has access to results.

and alerts runs at 12:15 PM will be active till 04:15 PM so on...

you can able to access triggered resluts from 

SanjayReddy_0-1647412612556.png


select your required alert name and click on view recent 

SanjayReddy_2-1647412653523.png

 

that shows all the previous triggered alerts click on name to get the results of the alert that triggerd at sepcific time 

SanjayReddy_3-1647412724661.png

 

---
If this reply helps you, Karma would be appreciated.

 

 

Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...