Solved: Re: Stop recurring alerts

sureshchinta · ‎07-09-2010

I have setup alerts based on a scheduled search in the logs. The application writes a log messages every minute while the error persists, therefore splunk gives out an email per message.

can some one help me with a syntax to avoid reading recurring alerts...

I am clueless in how to approach this problem...ignorance.

Thanks.

Jeremiah · ‎07-12-2010

Check out the alert throttle app:

http://blogs.splunk.com/2010/06/01/alert-throttling/

It should help to reduce the number of alerts you receive. You could run your saved search once a minute but only receive notifications once an hour (or whatever interval you like) after the first alert is generated.

View solution in original post

Jeremiah · ‎07-12-2010

Check out the alert throttle app:

http://blogs.splunk.com/2010/06/01/alert-throttling/

It should help to reduce the number of alerts you receive. You could run your saved search once a minute but only receive notifications once an hour (or whatever interval you like) after the first alert is generated.

Stop recurring alerts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation