Running 4.2.3.
We are running sec in parallel. A few days ago, I had sec alert on a stack dump, but the rt search set to email didn't alert on it. I matched the event from sec with an event in Splunk, so it was indexed.
What can be possible causes of Splunk not alerting or 'finding' the event to alert on it?
If the docs are true, then the rt alert/searches should never ever miss an event trigger when matched. The rt searches are supposed to see the data as it streams in, before it hits the index.