Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Increase max time for a script alert

Mansi24
Path Finder
‎07-18-2019 10:50 PM

I am running a script from a alert which takes around 30 mins to complete . But instead my script is getting fired within5 mins or so and there are multiple instances of same script running. Manually the script works just fine. Is there a way i can increase the time before my scripts get killed or restarted from Splunk. i am using V 7.1.2. PLease help

Tags (2)
0 Karma
Reply

jitendragupta
Path Finder
‎07-19-2019 03:30 AM

Hi, Plz Make it a schedule alert which runs on cron schedule and change its timing to every 30 minutes from Cron Expression. As shown in the screenshot:alt text

0 Karma
Reply

Mansi24
Path Finder
‎07-19-2019 03:44 AM

Thanks for your response , may be my question isn't clear. actually script takes 30 min to run and i have scheduled for every hour but splunk has limitation of running alert script for 5 mins. are you aware what changes i need to do in alerts_actions.conf file in that case.

0 Karma
Reply

jitendragupta
Path Finder
‎07-19-2019 04:01 AM

To avoid this we have throttle option in Splunk. When your alert condition is fired, it will wait for that number of minutes which u have set in the throttle. And only after the throttle period, the next alert is fired. So this will avoid multiple instances of the same script.

0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...