Archive

Does Splunk log it's Alert Actions?

Engager

I am configuring SNMP traps based off of scheduled searches - does Splunk log this whenever a trap is generated? I ask because I don't want to duplicate logging that is already being done by Splunk.

Tags (1)

Motivator

Yes it does, in the _internal index.

The following search will pull up all alarm actions in a given time range:

index="_internal" sourcetype="scheduler" thread_id="AlertNotifier*" NOT (alert_actions="summary_index" OR alert_actions="")