Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Why am I getting multiple email notices per minute from Splunk?

usbamuchmore
New Member
‎12-19-2018 11:34 AM

I have inherited a medium install of Splunk, and for the most part, I understand everything. But, a simple account locked alert is sending multiple, multiple email notices per minute, and I don't understand why. I'll include a screenshot so anyone who sees something let me know. The purpose is to check for real-time account lockouts aalt textnd notify only once.

Tags (2)
Preview file
20 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Vijeta
Influencer
‎12-19-2018 12:14 PM

Probably its because of real-time alert. You can schedule it to run every 1 min for the window of last 60 seconds i.e. 1 minute.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

usbamuchmore
New Member
‎12-19-2018 01:36 PM

Perfect guys thank you!

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-19-2018 01:28 PM

In addition to the great answer from @Vijeta, turn on throttling. This keeps Splunk from generating additional alerts for the same event(s) for a period of time. To do that, click on the "Throttle" box, complete the form, and click Save.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

usbamuchmore
New Member
‎12-19-2018 02:07 PM

The throttling did it, thank you, guys!

0 Karma
Reply
Solved! Jump to solution
Solution

Vijeta
Influencer
‎12-19-2018 12:14 PM

Probably its because of real-time alert. You can schedule it to run every 1 min for the window of last 60 seconds i.e. 1 minute.

0 Karma
Reply
Solved! Jump to solution

usbamuchmore
New Member
‎12-19-2018 12:20 PM

Ok good. Thank you, clearly, I'm very new to Splunk in general.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...