I have an alert that I created. When I click "Open in Search" and trigger the event, it shows up in the search window, but the event does not trigger the alert (send e-mail, execute the script, or show up in Triggered Alerts).
The alert is in the savedsearches.conf file in system/local and shows up with the Owner as "nobody", the App as "system" and Sharing as "Global".
What can I do to fix this problem? I have several alerts and it appears that none of them are working properly at this time.
UPDATE: It appears the number of searches may be partially responsible. When I have just one real-time alert in the savedsearches.conf file it appears to work correctly, but when I get up to 6, it stops working. The requirements being fulfilled by Splunk require as many as 14 real-time searches to trigger alerts when necessary, so I definitely need some kind of solution to this problem.