My alert stopped emailing me today. It was fine previously. Looks like the alert didn't even noticed about the event.

Search alert:

sourcetype="access_combined_wcookie" 10.2.1.152 OR 10.2.1.153 status=500 startminutesago=1

scheduled to run every minute and alert when number of events is greater than 0

Search results:

12.50.83.238 - - [26/Jul/2011:10:36:25 -0700] "GET /android/search?pagesize=15&dapisum=5ea4825a3fc53f5e3010ead87d9624f2&cat=true&propertyType=h&sessionId=bdceNu7SbsVJHbw0RGNft&q=48066&maxRent=800&currentpage=0&minRent=600&deviceId=22a0000023e700f6&minBeds=2&version=1.0.2 HTTP1.1" 500 1229 "-" "android" "-" "74" "10.2.1.152" "8080" ""eventtype=PRDAPP12

107.50.83.238 - - [26/Jul/2011:10:36:13 -0700] "GET /android/search?pagesize=15&dapisum=5ea4825a3fc53f5e3010ead87d9624f2&cat=true&propertyType=h&sessionId=bdceNu7SbsVJHbw0RGNft&q=48066&maxRent=800&currentpage=0&minRent=600&deviceId=22a0000023e700f6&minBeds=2&version=1.0.2 HTTP1.1" 500 1229 "-" "android" "-" "153" "10.2.1.152" "8083" ""eventtype=PRDAPP12

Alert history:
07-26-2011 10:37:02.658 INFO SavedSplunker - SavedSplunker::sendQuery: Running saved_search='Alert - 1 500 on PRDAPP12 or PRDAPP13 from last minute' - result='success' - alert='number of events=0 greater than 0' - triggering - action='no action' - number of events=0

07-26-2011 10:36:02.573 INFO SavedSplunker - SavedSplunker::sendQuery: Running saved_search='Alert - 1 500 on PRDAPP12 or PRDAPP13 from last minute' - result='success' - alert='number of events=0 greater than 0' - triggering - action='no action' - number of events=0