Hi @jodyfsu,
Thanks for your help. I wanted that kind of configuration. Now it's working fine.
But now I'm stuck on its next step.
Whenever Splunk finds any error, it creates a report in PDF format and sends a mail notification.
So, suppose today I got four error alerts at different times. The first mail contains the first error in the PDF, but in the second mail alert I get the first error + the new error (second alert), and then in the third mail alert the PDF has the first error + second error + new error (third error). This makes it more complicated to understand what the actual real-time error is, just because it contains the previous errors.
My real-time alert settings:
Alert Type : Real-Time
Trigger Conditions:
Trigger alert when : Per-Result
Throttle : Checked
Suppress results containing field value : *
Suppress triggering for : 24 hour(s)
Please help me on this matter.
If you have any links for this issue, please attach the link.
Thanks, @saibal6