Solved: Re: Why aren't alerts triggering in my search on S...

guo_dc · ‎05-23-2020

I created an alert w/ a basic search:

index=_internal | stats count          
Cron Expression:     */1 * * * *
Alert condition  choise customer， Trigger Conditions:    search count>0  
Trigger Actions  is Add to Triggered Alerts.

But no alert messages are showing in the Trigger alerts page.
I'm testing w/ Splunk versions 8.0.4. and 8.0.2.
The same alert configration is normal in Splunk 7.

guo_dc · ‎05-26-2020

Question solved. Cause alert.condition item of alert configuration file savesearch.conf have wrong Greater than escape.
For example: normal: alert_condition = search data_count > 0
splunk 8 ： alert_condition = search count > 0
Testing splunk version is 8.0.4, Suggestion next version fix bug.

View solution in original post

guo_dc · ‎05-26-2020

Question solved. Cause alert.condition item of alert configuration file savesearch.conf have wrong Greater than escape.
For example: normal: alert_condition = search data_count > 0
splunk 8 ： alert_condition = search count > 0
Testing splunk version is 8.0.4, Suggestion next version fix bug.

dindu · ‎05-25-2020

Hi,

Could you give us more details?

Check whether the search is producing any results.
Also, include the time window in the search as below.

     index="your_index" sourcetype="your_st" earliest=-1h@h latest=@h

I am searching for a window of one hour

guo_dc · ‎05-25-2020

I modified base search:
index=_internal sourcetype=splunkd earliest=-10m@m latest=@m | stats count as data_count
But also, Alert isn't trigged . In triggered Alerts page don;t appeared.

I check search result in Job manager, Search result is normal.
This fault is the same for linux and windows platform.
When alert condition is number of result, alert trigger is normal.

Why aren't alerts triggering in my search on Splunk 8?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms