In my environment, I am building search head clustering consisting of three search heads and one deployer.
In addition, I am using an alert that sends mail individually with the "map" command and "sendmail" command for logs that meet certain conditions.
However, as a result of checking this morning, only one alert was caught, and even though the result was one line, two mails were sent.
When I checked the internal logs, the log below was issued in the internal logs of the two search heads at approximately the same time (a deviation of about 0.4 seconds).
"INFO sendemail:128 - Sending email..."
From this I thought that the same search ran for the two search heads.
Is there a workaround for this phenomenon?
Also, are "sendmail" and "map" commands not recommended in clustering?
And is there a possibility that it is the cause?