Solved: Stop recurring alerts

sureshchinta · ‎07-09-2010

I have setup alerts based on a scheduled search in the logs. The application writes a log messages every minute while the error persists, therefore splunk gives out an email per message.

can some one help me with a syntax to avoid reading recurring alerts...

I am clueless in how to approach this problem...ignorance.

Thanks.

Jeremiah · ‎07-12-2010

Check out the alert throttle app:

http://blogs.splunk.com/2010/06/01/alert-throttling/

It should help to reduce the number of alerts you receive. You could run your saved search once a minute but only receive notifications once an hour (or whatever interval you like) after the first alert is generated.

View solution in original post

Jeremiah · ‎07-12-2010

Check out the alert throttle app:

http://blogs.splunk.com/2010/06/01/alert-throttling/

It should help to reduce the number of alerts you receive. You could run your saved search once a minute but only receive notifications once an hour (or whatever interval you like) after the first alert is generated.

Stop recurring alerts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation