Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a trigger alert with condition that relies on an other alert?

mcayrol
Explorer
‎01-25-2021 11:05 AM

Hello splunkers,

I don't now if my title makes sense but here is the situation :

I have an alert called buy signal and another called sell signal.

I want to make sure that only my buy signal alert can be triggered ONCE and after i want to make sure only my sell signal alert can be triggered ONCE etc etc ..

Do you now a parameter that can do this ?

Thank you for your help

Labels (2)
Labels
0 Karma
Reply

mcayrol
Explorer
‎01-26-2021 02:35 PM

Don't hesitate if you need more information

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-26-2021 11:54 PM

Hi

Currently splunk don't support this kind of chained alerting. There is request for that in ideas.splunk.com.

Anyway you could try to create alert which write event to the new index (Add Actions -> Add to Triggered Alerts), then create second alert which is using that output from index etc....

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...