Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is the alert not been triggered as expected?

POR160893
Builder
‎01-08-2023 07:28 AM

Hi,

 

I have an alert that is supposed to trigger an email each subsequent day when there are 0 logs in the last 24 hours against a particular search.

 

However, when there ARE 0 logs in the past 24 hours, my alert does not get triggered for some reason.


My alert is as follows:

POR160893_0-1673191517224.pngPOR160893_1-1673191648391.png

 




Can you please help as I do not understand why this alert is not working as expected?


Many thanks!

Labels (4)
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-08-2023 09:42 AM

Please share the search itself.

---
If this reply helps you, Karma would be appreciated.
Reply

POR160893
Builder
‎01-08-2023 09:50 AM

The search is as follows::
index="corp_security" sourcetype="dns_rpz"

The alert should send an email per day for every subsequent day when there are 0 logs in the last 24 hours

0 Karma
Reply

PickleRick
Ultra Champion
‎01-08-2023 01:49 PM

https://docs.splunk.com/Documentation/Splunk/9.0.3/Alert/AlertTriggerConditions

See the last example

0 Karma
Reply

POR160893
Builder
‎01-08-2023 02:29 PM

So I need to add “earliest=0 latest=now | stats count” to mr current query? Would that look at just the data for the last 24 hours though?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of Splunk APM’s and Splunk RUM’s streaming infrastructure in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...