Hi There,
I have set the frequency for an alert as 25 or more occurrences in 10 minutes, i.e. if an exception, let's say "IllegalStateException", is found 25 or more times in my log file within 10 minutes. If yes, then Splunk should generate an alert and an email has to be sent to the defined recipients.
Now, according to the above alert frequency condition:
If we have, let's say, 150 occurrences of "IllegalStateException" in my log file within one hour (e.g. 5 exceptions every 2 minutes), then Splunk should have generated 6 alerts and 6 emails should have been sent.
However, in our project we have received 2600+ alert emails with the above conditions.
Can anybody explain that:
How Splunk manages the set frequency?
If I have set it correctly?
In the above mentioned condition, will Splunk check for the exception in the logs like this, let's say:
11:00 AM to 11:10 AM
11:10 AM to 11:20 AM
11:20 AM to 11:30 AM and so on
or will it check like this:
11:00 AM to 11:10 AM
11:01 AM to 11:11 AM
11:02 AM to 11:12 AM and so on
Could there be any issue with our project's Splunk setup, or does Splunk work like this?
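As an added illustration that is not part of the post and not Splunk's own code, the simulation below models the two windowing schemes the question describes (fixed 10-minute windows versus a window that slides one minute at a time) over a constructed log matching the scenario: 5 "IllegalStateException" lines every 2 minutes for one hour, threshold "25 or more in 10 minutes". The log lines, the 11:00 AM start time, the `windowed_alerts` function and its `throttle_min` suppression parameter are all assumptions made for the example; the point is only to show how many alerts each evaluation model produces from the same data, and how a suppression period changes that.

```python
"""Simulate an occurrence-threshold alert under tumbling vs sliding windows.

Constructed scenario (assumption, from the post): 5 IllegalStateException lines
every 2 minutes for one hour = 150 matches; rule = 25 or more in 10 minutes.
"""
import re
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 11, 0, 0)        # constructed start time: 11:00 AM
PATTERN = re.compile(r"IllegalStateException")  # the "search" part of the alert


def build_log():
    """Constructed log lines: 5 matching lines every 2 minutes, plus one
    non-matching noise line per batch that must not be counted."""
    lines = []
    for minute in range(0, 60, 2):
        batch = BASE + timedelta(minutes=minute)
        for i in range(5):
            stamp = (batch + timedelta(seconds=i)).strftime("%Y-%m-%d %H:%M:%S")
            lines.append(f"{stamp} ERROR worker-{i} java.lang.IllegalStateException: queue closed")
        stamp = batch.strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{stamp} WARN  worker-9 java.lang.NullPointerException: ignored")
    return lines


def match_times(lines, pattern=PATTERN):
    """Timestamps of the lines the alert's search would return."""
    return [datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
            for line in lines if pattern.search(line)]


def windowed_alerts(times, window_min, step_min, threshold, horizon_min, throttle_min=0):
    """Evaluate 'count >= threshold in the trailing window' once per step.

    step_min == window_min -> tumbling windows: 11:00-11:10, 11:10-11:20, ...
    step_min  < window_min -> sliding windows:  11:00-11:10, 11:01-11:11, ...
    throttle_min > 0 suppresses re-firing for that many minutes after a trigger
    (assumed semantics, used here only to show the effect of suppression).
    Returns the window end times at which an alert fired.
    """
    window = timedelta(minutes=window_min)
    horizon = BASE + timedelta(minutes=horizon_min)
    fired, suppressed_until = [], None
    end = BASE + window
    while end <= horizon:
        start = end - window
        count = sum(1 for t in times if start <= t < end)  # half-open window
        if count >= threshold and (suppressed_until is None or end >= suppressed_until):
            fired.append(end)
            suppressed_until = end + timedelta(minutes=throttle_min)
        end += timedelta(minutes=step_min)
    return fired


def summary(times):
    """Alert counts for each evaluation model over the one-hour scenario."""
    return {
        "tumbling_10m": len(windowed_alerts(times, 10, 10, 25, 60)),
        "sliding_1m_step": len(windowed_alerts(times, 10, 1, 25, 60)),
        "sliding_1m_step_throttle_10m": len(windowed_alerts(times, 10, 1, 25, 60, throttle_min=10)),
    }


if __name__ == "__main__":
    log = build_log()
    matches = match_times(log)
    print(f"{len(log)} lines, {len(matches)} matching {PATTERN.pattern}")
    for model, n in summary(matches).items():
        print(f"{model:>30}: {n} alerts")
```

With the constructed data, fixed windows fire 6 times (the count the post expects), while re-evaluating a trailing 10-minute window every minute fires 51 times, because each of those overlapping windows still contains 25 matches; a 10-minute suppression period brings the sliding model back down to 6. Checking which of these models, and which suppression setting, the alert in question actually uses is the first thing to verify when the number of emails is far above the expected count.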