Getting Data In

Configured real-time issue alert and got multiple mails for single error

Path Finder

I have configured an alert notification on real-time issue and it's working. But I have facing a problem, that any new issue is appear wherever it has only single line error. I got multiple mail notification where the mail time differences was only for 4 seconds means I got 12mails in just one minute for the same single line error.

Where I want only single mail notification on single line real time error.
can anyone suggest/help me on this matter?

0 Karma

Path Finder

When you configure the Alert you can select "Throttle" and then you can say how long to not notify you.


Hope this helps. Let us know if you need more.

Path Finder

Hi @jodyfsu,

Thanks for you help. I wanted that kind of configuration. Now it's working fine.

But now I'm stuck in it's next step.

Whenever Splunk found any error, it's create a report in pdf format and send a mail notification.

So, suppose today I got four error alerts on different time. So in the first mail contain the first error with pdf but from the second mail alert I got the first error+the new error(second alert) , then in the third mail alert in the pdf I got first error+second error+new error(third error). It made more complicated to understand what is actually real time error, just because it contains previous errors.

My Real -time alert settings :

Alert Type : Real-Time

Trigger Conditions:
Trigger alert when : Per-Result
Throttle : Checked
Suppress results containing field value : *
Suppress triggering for : 24 hour(s)

Please help me on this matter.
If you have any links for this issue, please attach the link.

Thanks, @saibal6

0 Karma

Path Finder

Ah, I would change the search time to be only last 60 minutes or few hours. Like you are seeing, since you are looking back 24 hours it is going to return any other alerts triggered in the last 24 hours.

0 Karma
Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

Splunk Cloud Platform | New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...