Alerting

Discussions

Thread Info

Is it possible to pass the query of an alert to a script?

Is it possible to pass the query of an alert to a script? I want to trigger a script via alert and at the same time I...

by Communicator in

file monitoring

I have file which generates in the windows host. i want to monitor the file and alert it if the date modified is more...

by Builder in

Why am I getting a false DMC Alert that search peer not responding?

The DMC Alert - search peer not responding has false positives. Anyone addressed this issue with a better modified se...

by Explorer in

How to stop the alerts on maintenance window on a specific day?

We have a monthly release on every month third week Saturday from 1:30 AM to 7 AM and also have regular Sunday mainte...

by New Member in

Can you help me set up a Splunk email alert with Microsoft Outlook?

I had configured Splunk to send alert emails to my Outlook, but when i use the pager email address at and T or Tmobil...

by Communicator in

"View Result" link in alert email is broken. How do I get it to redirect to the proper host?

The view result in email alert doesn’t open because it redirects to splunk .xxxx.com:8000 . If I remove the 8000 then...

by New Member in

Why are Splunk 7.x Monitoring Console alerts frequently reporting "DMC Alert - Search Peer Not Responding"?

Splunk 7.x.x Monitoring Console Alerts are frequently reporting that one of our Indexers is "down" with a "DMC Alert ...

by Splunk Employee in

How do I view Webhook content in Splunk?

We're struggling a bit with trying to use Webhooks instead of custom scripts in our alerts. Just as a simple test, we...

by Explorer in

How do you create an alert that triggers when a user clicks a link in a dashboard?

We have a link to a corresponding dashboard inside the content of an alert. We are triggering an alert after 10:35 am...

by New Member in

Can you help me fine-tune my malware related alert?

Hello all! I have a pretty simple real-time alert that lets me know if there are any malware related alerts from a sy...

by Path Finder in

Message Size Exceeds error while sending email

Hi, some of the alerts are getting this "ERROR:root:(552, '5.3.4 Message size exceeds fixed maximum message size'" an...

by New Member in

How do I create an alert which triggers a custom script when unique results are ingested into Splunk?

Hello, I am having trouble establishing a logic to cover the following. Selected events (windows and some syslo...

by Path Finder in

How do you make an alert that doesn't trigger when condition goes true?

I have an alert to send us an email every time an app on the server is stopped. I am searching for a stopped pattern ...

by New Member in

How to change the "FROM" address when alert emails are sent?

As of now when email alerts are sent, the from address is the hostname of server sending the alert. Is it possible to...

by Contributor in

How do I create an alert that is triggered if a source type exists in a lookup table?

I want to create an alert that triggers when a source type doesn't exist in a lookup table (e.g. srctype.csv). But I'...

by Path Finder in

How to adjust the maximum number of concurrent running jobs for this real-time scheduled search?

Running Splunk 6.5.2 build 67571ef4b87d. 4 searches saved as alerts to send emails when triggered by certain conte...

by Engager in

Need alert with webhook to use a proxy server

I am attempting to get my splunk alert with webhook to hit an external server (slack api). I've configured the OS to ...

by New Member in

Why is my scheduled Alert not throttling correctly?

Hi, I have a scheduled alert looking at a certain specific event type, which is set to trigger if the 90th percen...

by Path Finder in

Can you help me with the following firewall alert trigger?

I got the below search and I want to create an alert that would trigger: 1. when the total per day is bigger than X 2...

by New Member in

how can I use "@timestamp" field with an alert action token?

I have "@timestamp" field in search results. I'd like to use the value in my alert message for slack. So, I tried to ...

by New Member in

Get Updates on the Splunk Community!

Alerting

Discussions

Is it possible to pass the query of an alert to a script?

file monitoring

Why am I getting a false DMC Alert that search peer not responding?

How to stop the alerts on maintenance window on a specific day?

Can you help me set up a Splunk email alert with Microsoft Outlook?

"View Result" link in alert email is broken. How do I get it to redirect to the proper host?

Why are Splunk 7.x Monitoring Console alerts frequently reporting "DMC Alert - Search Peer Not Responding"?

How do I view Webhook content in Splunk?

How do you create an alert that triggers when a user clicks a link in a dashboard?

Can you help me fine-tune my malware related alert?

Message Size Exceeds error while sending email

How do I create an alert which triggers a custom script when unique results are ingested into Splunk?

How do you make an alert that doesn't trigger when condition goes true?

How to change the "FROM" address when alert emails are sent?

How do I create an alert that is triggered if a source type exists in a lookup table?

How to adjust the maximum number of concurrent running jobs for this real-time scheduled search?

Need alert with webhook to use a proxy server

Why is my scheduled Alert not throttling correctly?

Can you help me with the following firewall alert trigger?

how can I use "@timestamp" field with an alert action token?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Is it possible to close an alert based on an other...

How to group similar alerts in Splunk Observabilit...

How to create different mail alerts for different ...

0365 splunk addon data comes after delay of 1 day?

Why won't scheduled alerts fire intermediately (us...