Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trigger alert not seen as email notification for some events?

Veeru
Path Finder
‎10-13-2022 01:20 AM

on 11th October we had 5 events, but we received only 2 email notification.

 

Below the 5 events of the alert for Yesterday (11th Oct)

 

1            2022-10-11 23:30:04 BST             View Results

2            2022-10-11 23:00:05 BST             View Results

3            2022-10-11 22:30:04 BST             View Results

4            2022-10-11 22:00:02 BST             View Results

5            2022-10-11 14:00:02 BST             View Results

 

But we received email notification only for 1st and 5th event. No email notification for 2nd 3rd and 4th. Could please help us for this discrepancy since we had Client impact and caused so many transactions failures and for issues event was generated but email was not trigged.

Can help me how to resolve this issue

Thank you,
Veeru

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2022 01:25 AM

Hi

have you or your client configured a grace period for that alert? If that's the situation then just you need to change that if. you want alerts for all of those.

Another option is that there is some issues with email servers. You should understand that email is not a reliable (100%) method for alerting. You could look from _internal if those emails have sent like

index=_internal sourcetype=splunkd sendemail

You could add another search word if needed.

r. Ismo 

View solution in original post

Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2022 01:25 AM

Hi

have you or your client configured a grace period for that alert? If that's the situation then just you need to change that if. you want alerts for all of those.

Another option is that there is some issues with email servers. You should understand that email is not a reliable (100%) method for alerting. You could look from _internal if those emails have sent like

index=_internal sourcetype=splunkd sendemail

You could add another search word if needed.

r. Ismo 

Reply
Solved! Jump to solution

Veeru
Path Finder
‎10-13-2022 01:35 AM

Thanks @isoutamo 

I found what's the  solution.

Happy Splunking!

0 Karma
Reply
Solved! Jump to solution

ktsiagas
New Member
‎11-18-2022 03:28 AM

Hi @Veeru

as i am afraid that i have the same issue with you, could you please inform us what have you done to fix the problem?

Best Regards.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...