
Slack Notification Alert: Trigger - Prevent notifications if the status is the same

CPOUYE
New Member

Dear all,
We wanted to stop notifications when the result of the alert stays the same.

We launch an alert every 4 minutes on a specific scope.

Target:
- alert without result (no mail)
- alert with result > 0 for the first time (send mail)
- alert with more results than before (send mail)
- alert with result = result before (no mail)

So far we have tested:
- greater than (and we receive mail every 4 min while the result isn't 0)
- drop by 1 (and we receive mail when result = 0)

Thanks for your help
Clement - Support to financial company


harsmarvania57
Ultra Champion

Hi @CPOUYE,

You can use throttling while creating a scheduled alert, but this will trigger multiple alerts for multiple outputs in a single scheduled search window.

Please follow the steps below while creating the scheduled search (alert).
1.) In Trigger Conditions, select Trigger for Each Result.
2.) Then tick Throttle.
3.) In Suppress results containing field value, please provide the field name. If you are counting using the stats command, then give count in this textbox.
4.) Suppress triggering for -> Here you can give the time period during which Splunk will not trigger an alert if the count stays the same (I am assuming that you are using stats count in your query).

I hope this helps.

Thanks,
Harshil
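
The settings from the steps in the answer above, written as a `savedsearches.conf` stanza; this is an added example, not part of the original posts. The stanza name, index, sourcetype, recipient and the `1h` period are placeholders, and the trailing `where count > 0` is an assumption added so that a zero count yields no result.

```ini
# savedsearches.conf -- constructed example. Stanza name, index, sourcetype,
# recipient and suppression period are placeholders, not values from the thread.
[Example - count changed]
# "stats count" always returns one row, even when count is 0, so the zero row
# is dropped here (assumption) to meet the "no result, no mail" target.
search = index=example_index sourcetype=example:log | stats count | where count > 0
dispatch.earliest_time = -4m
dispatch.latest_time = now
enableSched = 1
cron_schedule = */4 * * * *

# Step 1: Trigger for Each Result (per-result mode instead of digest mode)
alert.digest_mode = 0
counttype = number of events
relation = greater than
quantity = 0

# Steps 2-4: throttle, keyed on the value of the "count" field
alert.suppress = 1
alert.suppress.fields = count
alert.suppress.period = 1h

# Mail action, as in the question
action.email = 1
action.email.to = oncall@example.com
```

Because suppression is keyed on the value of `count`, a run that returns a different value, lower as well as higher, is not suppressed. A repeated value triggers again once `alert.suppress.period` has expired.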
