Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

email alert not sending when the condition is ""Number of Results is = 0"

alexchandb
Engager
‎06-05-2017 05:41 PM

I am having trouble with getting a email triggered for the following condition.
"Number of Results is = 0"
the search query is as follows.

index="xxxxx" sourcetype="syslog" earliest=-1d latest=now | stats count

the result of the search is :
count = 0 .

It is able to send other alerts.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-05-2017 10:09 PM

You have to set Trigger alert when = Custom and the condition box below this to be count = 0. The other setting counts the number of rows returned which in your case will always be 1 (not 0 the way that you were thinking).

0 Karma
Reply

inventsekar
Super Champion
‎06-05-2017 07:27 PM

while reading the post, all looks fine..

  • maybe, verify the mail address.
  • try adding this adding one more action - "Add to Triggered Alerts", so that you will know the alert got triggered or not.
  • maybe, verify the Alert Schedule.
  • It is able to send other alerts. // you mean, other email alerts are working fine?
Reply
The Latest From the Splunk Community!