Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to create Alert in Cloud version of Splunk

Evgeny197
Explorer
‎02-27-2025 10:27 AM

There is no option "Alert" when I try to "Save As" for current search. There is also no "Access Controls" in "Settings".

My final plan is to send alerts to Slack channels, but all the instructions I was able to find are for different versions of Splunk (Enterprise etc). Could someone point me in a right direction?

Thank you!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎02-28-2025 07:43 AM

Hi

Obviously you have normal user role or some non power/admin user role.

In normal case only admin or power user can create and run alerts.

As @marnall said you must have correct capability to create alerts. You should ask that from your Splunk Admins which may give it to you or not. That depends on your company policy who can create and run those.

r. Ismo

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-27-2025 12:43 PM

It is a new search

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-27-2025 12:43 PM

Evgeny197_0-1740688978700.png

This is what I see

0 Karma
Reply
Solved! Jump to solution

marnall
Motivator
‎02-27-2025 01:03 PM

Are you able to check if your user has a role with the schedule_search capability? 

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-27-2025 01:07 PM

How can I check that? "Settings" does not have it it seems

Evgeny197_0-1740690435594.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎02-28-2025 07:43 AM

Hi

Obviously you have normal user role or some non power/admin user role.

In normal case only admin or power user can create and run alerts.

As @marnall said you must have correct capability to create alerts. You should ask that from your Splunk Admins which may give it to you or not. That depends on your company policy who can create and run those.

r. Ismo

0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎02-28-2025 08:21 AM

Hi Ismo,

Thank you! I came to that conclusion yesterday and contacted the admins.

Regards,

Evgeny

Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎02-28-2025 08:29 AM
Please mark some answer as Solution, so other people will see it later and get help!
0 Karma
Reply
Solved! Jump to solution

Evgeny197
Explorer
‎03-04-2025 11:36 AM

Hello Ismo,

I am able to create an alert, but it does not send the alerts to Slack.

I did check that the Slack Alert Setup has an updated "Slack App OAuth Token".

Are there any steps I am missing?

(By the way, if I chose email instead of Slack the alerts go through)

Preview file
111 KB
0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎03-04-2025 12:48 PM
I haven’t use slack alert action, so I just give general hints.
Usually alert actions are written some log what happened into _internal index you should try to found something which is related to it.
0 Karma
Reply
Solved! Jump to solution

marnall
Motivator
‎02-27-2025 12:24 PM

Is the search a newly formed search or an edited Report? There should be an option for "Alert" when you make a new search and press "Save As", even in cloud.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...