Alerting

maximum number of alerts?

ESIMatNeforce
Path Finder

Hello, currently I have defined 9 real-time alerts in my Splunk system.
The problem is that only 8 of them "can" trigger, depending on which of them I "activate".
If I activate all 9 of them, the last one that got activated will not trigger.

How to overcome this issue?

Best regards
ESIMatNeforce

0 Karma

gfuente
Motivator

Hello

Each real-time query/alert requires a CPU core to run, so just be sure you have enough resources to run all real-time queries. In my personal opinion, 9 RT alerts are a lot. It would be much better to run all of them every minute or something like that.

Regards

0 Karma

ESIMatNeforce
Path Finder

According to Splunk documentation, it is better to use real-time alerts rather than scheduled alerts every minute.
Regards

0 Karma