Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Configured real-time issue alert and got multiple mails for single error

saibal6
Path Finder
‎06-07-2018 04:15 AM

I have configured an alert notification on real-time issue and it's working. But I have facing a problem, that any new issue is appear wherever it has only single line error. I got multiple mail notification where the mail time differences was only for 4 seconds means I got 12mails in just one minute for the same single line error.

Where I want only single mail notification on single line real time error.
can anyone suggest/help me on this matter?

0 Karma
Reply

jodyfsu
Path Finder
‎06-07-2018 06:49 AM

When you configure the Alert you can select "Throttle" and then you can say how long to not notify you.

Throttle

Hope this helps. Let us know if you need more.

Preview file
1 KB
Reply

saibal6
Path Finder
‎06-11-2018 06:53 AM

Hi @jodyfsu,

Thanks for you help. I wanted that kind of configuration. Now it's working fine.

But now I'm stuck in it's next step.

Whenever Splunk found any error, it's create a report in pdf format and send a mail notification.

So, suppose today I got four error alerts on different time. So in the first mail contain the first error with pdf but from the second mail alert I got the first error+the new error(second alert) , then in the third mail alert in the pdf I got first error+second error+new error(third error). It made more complicated to understand what is actually real time error, just because it contains previous errors.

My Real -time alert settings :

Alert Type : Real-Time

Trigger Conditions:
Trigger alert when : Per-Result
Throttle : Checked
Suppress results containing field value : *
Suppress triggering for : 24 hour(s)

Please help me on this matter.
If you have any links for this issue, please attach the link.

Thanks, @saibal6

0 Karma
Reply

jodyfsu
Path Finder
‎06-11-2018 07:00 AM

Ah, I would change the search time to be only last 60 minutes or few hours. Like you are seeing, since you are looking back 24 hours it is going to return any other alerts triggered in the last 24 hours.

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...