Alerting

"log event alert action" only logs one event

cam343
Path Finder

Hello,
I'm trying to set up the "log event alert action" within Splunk 6.4.2. I have it working except when the search (alert) returns more than one search, only one event gets logged.

E.g. Search -1h for malware IP addresses through the proxy, I'd like to create a "log event" for each result.

How can I do this?

Thanks


cam343
Path Finder

I figured it out. I needed to change the alert mode to "once per result".
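
The same fix expressed in `savedsearches.conf`, as an added example that is not part of the original thread: "once per result" corresponds to `alert.digest_mode = 0`. The stanza name, search, lookup, index, sourcetype and field names are constructed placeholders.

```ini
# savedsearches.conf -- constructed example; the stanza name, search,
# lookup, index, sourcetype and field names are placeholders.
[Proxy traffic to malware IPs]
search = index=proxy [| inputlookup malware_ips.csv | fields dest_ip] | table _time src_ip dest_ip url
dispatch.earliest_time = -1h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 * * * *

# Trigger whenever the search returns at least one result.
counttype = number of events
relation = greater than
quantity = 0

# alert.digest_mode controls how alert actions are applied:
#   1 (default) = once for the whole result set. Log Event then writes a
#                 single event, with $result.*$ tokens taken from the
#                 first row only (the symptom described in the question).
#   0           = once per result row ("once per result" in the UI).
alert.digest_mode = 0

# Log Event action. With digest_mode = 0 the $result.<field>$ tokens are
# expanded separately for every row, producing one logged event per hit.
action.logevent = 1
action.logevent.param.index = alerts_summary
action.logevent.param.sourcetype = malware_proxy_hit
action.logevent.param.event = src_ip=$result.src_ip$ dest_ip=$result.dest_ip$ url="$result.url$"
```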
