Email-alert notification - Why is the order the emails received different than the order in which the logs were output?

Sithima
New Member

We have implemented a real-time search in [Alerts] of Splunk that sends out an email when the corresponding search result is output. When multiple logs (error logs) are output to Splunk at the same time (timing), multiple e-mails are sent out. We want the e-mails to be received in the order in which the logs were output, but the order in which the e-mails are received is different from the order in which the logs were output, and they are scattered.

※Splunk search results are output in the order in which the logs were generated.

Example: ================

■Splunk Side

01/01 00:00 Real-time search is executed & alert is triggered because alert condition (1) is met (Alert (1))

01/01 00:00 Real-time search is executed & alert is triggered because alert condition (2) is met (Alert (2))

01/01 00:00 Real-time search is executed & alert is triggered because alert condition (3) is met (Alert (3))

■Mail receiving side

01/01 00:01 Mail received(Alert 2)

01/01 00:02 Mail received(Alert 3)

01/01 00:03 Mail received(Alert 1)

================ ※Mail is received in a scattered order.

How can we receive emails in the same order as the triggered alerts?

0 Karma

richgalloway
SplunkTrust

Part of the issue is the general nature of email service. Because of the store-and-forward method for delivering messages, and because routing of messages can vary, there is no guarantee messages will arrive in the same order in which they were sent.

---
If this reply helps you, Karma would be appreciated.
0 Karma
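Since delivery order cannot be relied on, a receiving-side script can rebuild the send order from each message's `Date` header instead of its arrival time. The following is an added example, not part of the original thread or Splunk's own code; the sample messages, host names and subjects are constructed, and it assumes each alert mail carries a `Date` header (one-second resolution, so alerts stamped in the same second stay tied).

```python
from email import message_from_string
from email.utils import parsedate_to_datetime


def _msg(received, date, subject):
    # Helper that builds a minimal RFC 5322 message (constructed sample data).
    return (f"Received: from relay.example by mx.example; {received}\n"
            f"Date: {date}\nSubject: {subject}\n\nbody\n")


# Constructed mailbox, listed in arrival order (mirrors the thread's example).
RAW_MAILBOX = [
    _msg("Mon, 01 Jan 2024 00:01:00 +0000", "Mon, 01 Jan 2024 00:00:02 +0000", "Alert 2"),
    _msg("Mon, 01 Jan 2024 00:02:00 +0000", "Mon, 01 Jan 2024 00:00:03 +0000", "Alert 3"),
    _msg("Mon, 01 Jan 2024 00:03:00 +0000", "Mon, 01 Jan 2024 00:00:01 +0000", "Alert 1"),
]


def arrival_time(msg):
    """Timestamp of the topmost Received header, added by the final hop."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    # The hop's timestamp follows the last ';' in a Received header.
    return parsedate_to_datetime(received[0].rsplit(";", 1)[1].strip())


def origination_time(msg):
    """Date header (set when the mail was created); fall back to arrival."""
    date = msg["Date"]
    return parsedate_to_datetime(date) if date else arrival_time(msg)


def in_send_order(raw_messages):
    msgs = [message_from_string(raw) for raw in raw_messages]
    # sorted() is stable: messages with equal timestamps keep arrival order.
    return sorted(msgs, key=origination_time)


def delivery_delays(raw_messages):
    """Seconds each message spent in transit, keyed by subject."""
    return {m["Subject"]: (arrival_time(m) - origination_time(m)).total_seconds()
            for m in map(message_from_string, raw_messages)}


if __name__ == "__main__":
    print([m["Subject"] for m in in_send_order(RAW_MAILBOX)])
    print(delivery_delays(RAW_MAILBOX))
```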