Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Per - result Alert

rvnk
Engager
‎10-27-2024 05:29 PM

I am a grad student and I recently gave a quiz on splunk. There was a true/false question.

Q: Splunk Alerts can be created to monitor machine data in real-time, alerting of an event as soon as it logged by the host. 

I marked it as false because it should be "as soon as the event gets indexed by Splunk" instead of "as soon as the event gets logged by the host". 

I have raised a question because I was not awarded marks for this question. But the counter was "Per-result triggering helps to achieve this". But isn't it basic that Splunk can only read the indexed data? Can anyone please verify if I'm correct? 

Thanks in advance.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-27-2024 05:39 PM

Real-time searches see events before they are indexed.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and stall ...

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Are you ready to uncover the threats hiding in plain sight? Join us for "Print, Leak, Repeat: UEBA Insider ...

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...