Solved: Why can't I find the place to create an alert?

PVBsupport · ‎09-18-2014

I am running Splunk 6.1.3 and while in Search, in the New Search area, I have entered "EventCode=1001". A few entries arrive and I click on the Save As button and my only options are: Report
Dashboard Panel
----------------------------
Event Type

(I would include a picture but I don't have enough "karma points".)

From what I researched, there should be an Alert option below Dashboard Panel included in this area but there is no option given.

Please let me know how to create Alerts since this option isn't available within the "usual" method or a way to make the Alert option appear in the Save As drop down menu.

ChrisG · ‎09-18-2014

Does your user role have the schedule_search capability? You can see in Settings > Access Controls > Roles, click on your role and find the list of capabilities down the page.

View solution in original post

ChrisG · ‎09-18-2014

Does your user role have the schedule_search capability? You can see in Settings > Access Controls > Roles, click on your role and find the list of capabilities down the page.

ChrisG · ‎09-18-2014

Great! When you get the information you need from someone on Splunk Answers, please upvote/accept it. Welcome to Splunk!

PVBsupport · ‎09-18-2014

Hi Chris,

Thanks for your suggestion. You have solved my problem! I had to add my list of capabilities.

Why can't I find the place to create an alert?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms