I have configured my Splunk alert as shown below. When my alert condition is triggered, I get 2 email notifications sent instead of just one. Any idea why this is? I have configured my search to run every minute using a cron expression, and to check for my criteria in the last 1 minute, and to trigger once for the search criteria so I don't know why I get multiple emails for the same alert. I would like to get only one email notification sent when Number of Sources > 0.
Any help would be appreciate. Thanks
... View more