Why are email alerts not getting sent?

aricv · ‎05-18-2016

New to Splunk

I have a search index="data_collection"

They have it set up to email them.

When you are looking at search, you see tons of results ... but no email is ever sent.

alert type
real time
then number of results
greater then 3
in 1 minute
trigger once
throttle every 120 seconds

they want to get a email every time there are more then X number of data entries

aricv · ‎05-19-2016

email has been setup, other alerts work correctly

on the number of results, when you watch it realtime in search, you get 30 a minute sometimes

frobinson_splun · ‎05-18-2016

It is possible that email notification settings still need to be configured. This should be done before email alert notifications can be sent. You can find more details here:

http://docs.splunk.com/Documentation/Splunk/6.4.0/Alert/Emailnotification#Configure_email_notificati...

Based on your trigger conditions, it is also not clear if the number of results that occur in one minute is enough to cause the alert to trigger.

For more details, see

http://docs.splunk.com/Documentation/Splunk/6.4.0/Alert/AlertScenarios#Rolling_time_window_triggerin...

and

http://docs.splunk.com/Documentation/Splunk/6.4.0/Alert/AlertTriggerConditions

Hope this helps!

sk314 · ‎05-18-2016

Do you get emails from other alerts?

Why are email alerts not getting sent?

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability