I have a search defined like this for the alert
| dbxquery connection=MyDB query=usp_Splunk_GetDataForAlert shortnames=true output=csv
My stored procedure looks a week back to determine if certain condition is met. The alert itself is set to run every hour. So if I have a condition that happened today I would be getting the same alert every hour until I pass that point.
How can I make alert to go out once for each set of events that triggered it?
hello there,
hope i understand the question correctly.
you can throttle the alert, read here:
https://docs.splunk.com/Documentation/Splunk/6.6.1/Alert/ThrottleAlerts
hope it helps
hello there,
hope i understand the question correctly.
you can throttle the alert, read here:
https://docs.splunk.com/Documentation/Splunk/6.6.1/Alert/ThrottleAlerts
hope it helps