how to set up the configuration to get the alert n...

mdoadmin · ‎06-10-2019

I create real time alert for a search query action is sending a email for each result.But alert email did not get.Even though the search query triggered.It start to send emails only after two days and alerts continuously sending only for the alert setup date.So how to set up the configuration to get the alert notification on real time.

DavidHourani · ‎06-10-2019

Hi @mdoadmin,

First configure your real time alert as shown here :
https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/DefineRealTimeAlerts

Then make sure your email configurations are done properly as follows :
https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/Alert/Emailnotification

Finally test, test and let us know if it's working.

PS: avoid using real time alerts as it consumes a lot of compute and in most cases can be replaced by an alert that can run every 5 or even 10 mins depending on the required response time in your SLA.

Cheers,
David

VatsalJagani · ‎06-10-2019

Have you gone through this?

mdoadmin · ‎06-10-2019

Follow those steps but still could not get the expected result

how to set up the configuration to get the alert notification on real time?

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup