Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trigger alert not seen as email notification for some events?

Veeru
Path Finder
‎10-13-2022 01:20 AM

on 11th October we had 5 events, but we received only 2 email notification.

 

Below the 5 events of the alert for Yesterday (11th Oct)

 

1            2022-10-11 23:30:04 BST             View Results

2            2022-10-11 23:00:05 BST             View Results

3            2022-10-11 22:30:04 BST             View Results

4            2022-10-11 22:00:02 BST             View Results

5            2022-10-11 14:00:02 BST             View Results

 

But we received email notification only for 1st and 5th event. No email notification for 2nd 3rd and 4th. Could please help us for this discrepancy since we had Client impact and caused so many transactions failures and for issues event was generated but email was not trigged.

Can help me how to resolve this issue

Thank you,
Veeru

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2022 01:25 AM

Hi

have you or your client configured a grace period for that alert? If that's the situation then just you need to change that if. you want alerts for all of those.

Another option is that there is some issues with email servers. You should understand that email is not a reliable (100%) method for alerting. You could look from _internal if those emails have sent like

index=_internal sourcetype=splunkd sendemail

You could add another search word if needed.

r. Ismo 

View solution in original post

Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2022 01:25 AM

Hi

have you or your client configured a grace period for that alert? If that's the situation then just you need to change that if. you want alerts for all of those.

Another option is that there is some issues with email servers. You should understand that email is not a reliable (100%) method for alerting. You could look from _internal if those emails have sent like

index=_internal sourcetype=splunkd sendemail

You could add another search word if needed.

r. Ismo 

Reply
Solved! Jump to solution

Veeru
Path Finder
‎10-13-2022 01:35 AM

Thanks @isoutamo 

I found what's the  solution.

Happy Splunking!

0 Karma
Reply
Solved! Jump to solution

ktsiagas
New Member
‎11-18-2022 03:28 AM

Hi @Veeru

as i am afraid that i have the same issue with you, could you please inform us what have you done to fix the problem?

Best Regards.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...