Alerting
Highlighted

Why is my alert not triggering?

New Member

Would anyone know why is my alert not triggering?

I have created a simple scheduled alert which should send an email if result count > 0. When I use the "Open in Search" menu then I can see some results. I also see this message on the alert page: There are no fired events for this alert.

The setup looks like this:
alt text

0 Karma
Highlighted

Re: Why is my alert not triggering?

Path Finder

Check your email settings, try to send emails manually from cmd if that is working then check in your app setting where you've defined mail settings.

On the server side, mail setting should be in only one place, may be you've defined it some where else as well.

Thanks,
Rajan Shrivastav

0 Karma
Highlighted

Re: Why is my alert not triggering?

Motivator

You should ignore the "There are no fired events for this alert" message. I have the same message if I click on any of my alerts, and they are all sending email alerts out fine.

The first thing you should do is to Edit Actions and add "Add to Triggered Alerts." Then go to Activity (in the top right corner of Splunk) and select Triggered Alerts and monitor that page. If the alert triggers there, which I'm guessing it will, then you know it's an email problem. If that's the case, there are already a bunch of Splunk Answers that address email alerting problems, including one by me back when I was having the same problem:

https://answers.splunk.com/answers/681118/why-are-the-email-alerts-not-being-sent-anymore.html

Highlighted

Re: Why is my alert not triggering?

Motivator

Also, I believe if you add "Add to Triggered Alerts" that will fix the "There are no fired events for this alert" message. (I don't mind that error message and only add to Triggered Alerts for temporary debugging purposes)

0 Karma
Highlighted

Re: Why is my alert not triggering?

Path Finder

I had the same problem. My search, which generated results, but never triggered, ended with:

| table Time host CPU_Load CPU_limit email_to cc_to

When I changed this to explicitly add a fields statement:

| table Time host CPU_Load CPU_limit email_to cc_to
| fields Time host CPU_Load CPU_limit email_to cc_to

I miraculously started getting alerts.

0 Karma
Highlighted

Re: Why is my alert not triggering?

Explorer

Hi, I am facing same issue, my real time alert is not working at all. It is neither appearing in the triggered alerts nor sending any emails. I have changed the alert type to scheduled - every hour on 30th minute and worked like a charm. Not sure what would be the issue with real time, I have read few comments about latency and ran the query supplied but latency is coming in seconds so probably it can be ruled out. any other thoughts, please let me know.

0 Karma