Hi,

I've upgraded from Splunk 6.6 to 8.2 (single instance) and all my real-time alerts (per result) keep triggering for the same event every 5 minutes (throttle period with usermail as suppressed field). The only way to stop it is restarting Splunk or deactivating the alert.

I deactivated all alerts and saved searches and left only one alert producing a single event with the same result; the alert is triggered every five minutes for the same event. It is a simple query from a server log filtering only errors.

I've activated the SavedSplunker debug log and the only strange thing is this message every minute after the event was produced:

DEBUG SavedSplunker - failed to write suppressed results to /opt/splunk/var/run/splunk/dispatch/rt_scheduler_Z2VybWFuLnNhbnRhbmE_aHlkcmEtYWRtaW4__RMD53954c1af0f5d4e15_at_1626209231_1.144/results.csv.gz

Thanks in advance