Would anyone know why is my alert not triggering?
I have created a simple scheduled alert which should send an email if result count > 0. When I use the "Open in Search" menu then I can see some results. I also see this message on the alert page:
There are no fired events for this alert.
The setup looks like this:
Check your email settings, try to send emails manually from cmd if that is working then check in your app setting where you've defined mail settings.
On the server side, mail setting should be in only one place, may be you've defined it some where else as well.
You should ignore the "There are no fired events for this alert" message. I have the same message if I click on any of my alerts, and they are all sending email alerts out fine.
The first thing you should do is to Edit Actions and add "Add to Triggered Alerts." Then go to Activity (in the top right corner of Splunk) and select Triggered Alerts and monitor that page. If the alert triggers there, which I'm guessing it will, then you know it's an email problem. If that's the case, there are already a bunch of Splunk Answers that address email alerting problems, including one by me back when I was having the same problem:
Also, I believe if you add "Add to Triggered Alerts" that will fix the "There are no fired events for this alert" message. (I don't mind that error message and only add to Triggered Alerts for temporary debugging purposes)
I had the same problem. My search, which generated results, but never triggered, ended with:
| table Time host CPU_Load CPU_limit email_to cc_to
When I changed this to explicitly add a fields statement:
| table Time host CPU_Load CPU_limit email_to cc_to | fields Time host CPU_Load CPU_limit email_to cc_to
I miraculously started getting alerts.
Hi, I am facing same issue, my real time alert is not working at all. It is neither appearing in the triggered alerts nor sending any emails. I have changed the alert type to scheduled - every hour on 30th minute and worked like a charm. Not sure what would be the issue with real time, I have read few comments about latency and ran the query supplied but latency is coming in seconds so probably it can be ruled out. any other thoughts, please let me know.