a real-time alert error

Alerting

Hello, I want to create a real-time alert. I call the rest interface：

https://<host>:<mPort>/services/saved/searches

, and the parameter is: is_ visible=1&cron_ Schedule = * * * * * & Description = real time data 25 & alert_ comparator=greater than& alert.digest_ mode=0& action.webhook.param .url= www.ceshi:8099/splunk/webhook/alert& dispatch.earliest_ time=rt-60s&alert_ threshold=30&realtime_ schedule=true&alert_ type=number of events&search=ip=192.168.21.222& alert.expires=15d&name=417218432270925848&output_ mode=json& dispatch.latest_ time=rt-0s&disabled=0&is_ scheduled=true&actions=webhook

However, the error display is returned: 400 bad request: [{"messages": [{"type": "error", "text": "per result alert throttling require at least one throttling field, use * to throttle on all fields"}]}]，

Is there a problem with the parameter I passed? Or is there an error in the SPL statement?

a real-time alert error

alert action

throttling

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

a real-time alert error

alert action

throttling

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>