Splunk Cloud Platform
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create Alert in Cloud version of Splunk

Evgeny197
Explorer
‎02-27-2025 10:27 AM

There is no option "Alert" when I try to "Save As" for current search. There is also no "Access Controls" in "Settings".

My final plan is to send alerts to Slack channels, but all the instructions I was able to find are for different versions of Splunk (Enterprise etc). Could someone point me in a right direction?

Thank you!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎02-28-2025 07:43 AM

Hi

Obviously you have normal user role or some non power/admin user role.

In normal case only admin or power user can create and run alerts.

As @marnall said you must have correct capability to create alerts. You should ask that from your Splunk Admins which may give it to you or not. That depends on your company policy who can create and run those.

r. Ismo

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-27-2025 12:43 PM

It is a new search

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-27-2025 12:43 PM

Evgeny197_0-1740688978700.png

This is what I see

0 Karma
Reply
Solved! Jump to solution

marnall
Motivator
‎02-27-2025 01:03 PM

Are you able to check if your user has a role with the schedule_search capability? 

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-27-2025 01:07 PM

How can I check that? "Settings" does not have it it seems

Evgeny197_0-1740690435594.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎02-28-2025 07:43 AM

Hi

Obviously you have normal user role or some non power/admin user role.

In normal case only admin or power user can create and run alerts.

As @marnall said you must have correct capability to create alerts. You should ask that from your Splunk Admins which may give it to you or not. That depends on your company policy who can create and run those.

r. Ismo

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-28-2025 08:21 AM

Hi Ismo,

Thank you! I came to that conclusion yesterday and contacted the admins.

Regards,

Evgeny

Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎02-28-2025 08:29 AM
Please mark some answer as Solution, so other people will see it later and get help!
0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
a month ago

Hello Ismo,

I am able to create an alert, but it does not send the alerts to Slack.

I did check that the Slack Alert Setup has an updated "Slack App OAuth Token".

Are there any steps I am missing?

(By the way, if I chose email instead of Slack the alerts go through)

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
a month ago
I haven’t use slack alert action, so I just give general hints.
Usually alert actions are written some log what happened into _internal index you should try to found something which is related to it.
0 Karma
Reply
Solved! Jump to solution

marnall
Motivator
‎02-27-2025 12:24 PM

Is the search a newly formed search or an edited Report? There should be an option for "Alert" when you make a new search and press "Save As", even in cloud.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top