Deployment Architecture

A difficult question,How to create an alert on a Splunk cluster?

Communicator

Hi at all,
I created a Splunk cluster, created an alert on the main search, but I could not find it in the alert,
I click "alert" on the navigation bar,It has been constantly in the refresh, Why is this so?
I still have a question:
When I setting "cron" in the alert,I want to run every minute, set */1**** or * /1 * * * * or * /1 * * * on cron,When prompted to save cron format error.
So how can i set up every minute to run on cron? What is the format

Thank you

0 Karma
1 Solution

Communicator

The reason is that I did not create an alert on the main search head. If I create an alert on the main search header, the other search head will not show these errors. And will synchronize the alert.

View solution in original post

0 Karma

Communicator

The reason is that I did not create an alert on the main search head. If I create an alert on the main search header, the other search head will not show these errors. And will synchronize the alert.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

To run a search every minute, use * * * * * as the cron schedule.

As for your other question, what exactly have you set up, where are you saving your alert, and where are you looking for it?
Did you set up an indexer cluster? A search head cluster?

0 Karma

SplunkTrust
SplunkTrust

You can sign up for slack here: http://splk.it/slack

~2100 users registered 🙂

@martin_mueller - I edited to update the link - Liz

0 Karma

SplunkTrust
SplunkTrust

In an indexer cluster or a search head cluster?

If indexer cluster, are you talking about the cluster master? About a dedicated search head searching the cluster's peers?
If search head cluster, are you talking about the captain? The deployer?

0 Karma

Communicator

I have already registered(https://splunk-usergroups.signup.team/), may you approve my registration request? Thank you

0 Karma

Communicator

I do not understand what you mean, do you have an email contact or Facebook, i would like to ask you some questions about Splunk

0 Karma

SplunkTrust
SplunkTrust

What do you mean by "main search"? I'm still unsure about what exactly you have set up, where you are saving your alert, whether you're on an indexer cluster, a search head cluster, etc.

0 Karma

Communicator

I do not understand what you mean, do you have an email contact or Facebook, i would like to ask you some questions about Splunk

0 Karma

Communicator

Sorry, I am from China, so my English level is normal. This "main search" means the master search server in cluster

0 Karma

SplunkTrust
SplunkTrust

This feels like a bigger thing, is the rest of Splunk working normally?

0 Karma

Communicator

I want to create an alert on search server in my cluster. But I can not find the alert after I created it。So I click "Alerts" on the navigation bar , it has been refreshed and no alerts are displayed,In Settings-> KNOWLEDGE -> Searches, reports, and alerts .As above,Show error “Client is not authenticated” .

0 Karma

Communicator

Yes. Other work is normal。

Do you know why you can not create an alert on the Main search?

0 Karma

Communicator

alt text

0 Karma

Splunk Employee
Splunk Employee

Are you using a load balancer (f5?) in front of your search head cluster?

0 Karma

Communicator

Not used, why do you think so? The current cluster architecture is: three search servers, three index nodes, a master index node, and a deployment server and DMC.when I create alert on search server,I can not find the alert have created.

0 Karma

Communicator

show error:“Client is not authenticated”? why ?Should i check where?

0 Karma

Splunk Employee
Splunk Employee

so the 3 search servers (Search Heads) are not clustered?

http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/SHCdeploymentoverview

0 Karma

Communicator

I can not find the main search I have created the alert, suggesting that "client is not authenticated"

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!