Hi,
When creating alerts and choosing action as logevent, by default it chooses sourcetype as generic_single_line
But I also get License warning in my license master.
I have Splunk enterprise per sourcetype license. Why can't I use the in-built alerts feature ?
04-03-2019 09:51:50.366 +0000 WARN LicenseUsage - type=Usage s="alert:myalert" st=generic_single_line h="127.0.0.1" o="" idx="my_alerts" i="1473278A-8BE2-4B8B-9FC5-BE63d627E13C" pool="null" b=303