Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

a real-time alert error

splunk-user
New Member
‎02-25-2021 12:02 AM

Hello, I want to create a real-time alert. I call the rest interface:

https://<host>:<mPort>/services/saved/searches

, and the parameter is:   is_ visible=1&cron_ Schedule = * * * * * & Description = real time data 25 & alert_ comparator=greater than& alert.digest_ mode=0& action.webhook.param .url= www.ceshi:8099/splunk/webhook/alert& dispatch.earliest_ time=rt-60s&alert_ threshold=30&realtime_ schedule=true&alert_ type=number of events&search=ip=192.168.21.222& alert.expires=15d&name=417218432270925848&output_ mode=json& dispatch.latest_ time=rt-0s&disabled=0&is_ scheduled=true&actions=webhook

However, the error display is returned: 400 bad request: [{"messages": [{"type": "error", "text": "per result alert throttling require at least one throttling field, use * to throttle on all fields"}]}],

Is there a problem with the parameter I passed? Or is there an error in the SPL statement?

Labels (2)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...