Hi,
I'm using a Splunk alert on a cron schedule of every 5 minutes to trigger two actions on each event:
1. writing to lookup , and
2. service-now incident generation using Splunk App for service now.
The issue is that there is not action on more than half of the events.
For example, I have an action to write each event on lookup, and 5 events fall in that specific time frame. When I check my lookup, I find 2 or 3 of them and not all written on the lookup, and same is the case with ticketing actions.
When I check scheduler logs for the same, the alert_actions shows blank for them, is it a bug ?
... View more