Hi,
Thanks for your reply, but this is not on a search.
Alerts are triggered based upon a constant monitoring of the inbound data to match a string. I have so little data coming in that there is hardly any data at all in this environment.
I have set up 5 working Alert triggers, each when matched adds an alert, writes what it finds to a text file, then calls an external script. The 5 I have work fine. Then I add a 6th Alert Trigger and it does not trigger. but if I delete any of the other 5 the new one I have written starts to work. This had made me think that Splunk Light (Not SplunkCloud) has some limitation but nobody seems to know if that is correct. I can see no errors in the log at all.
... View more